crime

A cybersecurity firm has laid out the mechanics of a North Korean hacking campaign that quietly tunneled through the infrastructure of cryptocurrency exchanges and staking platforms - and the entry point was a front-end web vulnerability most defenders weren't watching.

Key Takeaways
North Korean hackers exploited a React front-end vulnerability (CVE-2025-55182) to breach crypto firms' cloud infrastructureAWS credentials were stolen to extract private keys, source code, and sensitive configuration filesDPRK stole a record $2.02B in crypto in 2025 - roughly 13% of the country's GDPTactics are shifting: fake recruiters and embedded IT workers are replacing purely technical attacks
Ctrl-Alt-Intel published its findings, attributing the operation to North Korean state-affiliated threat actors with "medium confidence." The campaign zeroed in on exchange software vendors, staking platforms, and crypto exchanges - the operational backbone of the digital asset industry.
How the Attack Unfolded
The attackers' initial foothold came through React2Shell (CVE-2025-55182), a critical front-end vulnerability that opened the door to cloud environments. From there, the group moved laterally using stolen AWS credentials, hunting for private keys, source code, and credentials buried in Secrets Manager, Terraform files, and Kubernetes configurations. Docker images tied to ChainUp clients were also pulled. The attack infrastructure traces back to a server in South Korea (IP: 64.176.226[.]36) and the domain itemnania[.]com.
The operation fits a broader, escalating pattern. North Korean hackers pulled in a record $2.02 billion in stolen cryptocurrency across 2025 - a 51% jump over 2024 - even as the total number of attacks dropped by 74%. The math tells the story: fewer hits, but far more precise and lucrative ones.
Those funds aren't sitting idle. Analysts estimate stolen crypto now accounts for roughly 13% of North Korea's GDP, with proceeds flowing directly into its nuclear and ballistic missile development programs.
The Heists That Defined the Year
The scale of recent individual heists underscores how far the regime's capabilities have advanced. The Lazarus Group - Pyongyang's most prominent state-sponsored hacking unit - was behind the February 2025 theft of $1.5 billion from Bybit, the largest single crypto heist on record. The same group is suspected in a $30.4 million hit on Upbit later that year. DMM Bitcoin lost $308 million to a North Korea-attributed attack in December 2024.
What's changing is the method. Cybersecurity analysts point to a deliberate pivot away from purely technical exploits toward social engineering. The "Contagious Interview" campaign has seen hackers impersonating recruiters to lure developers into executing malicious code under the guise of technical job assessments. Separately, North Korean operatives have been caught embedding themselves as IT workers inside crypto firms, gaining privileged internal access before pulling the plug.
What Comes Next
Dmitri Alperovitch, co-founder of CrowdStrike, has described DPRK-linked groups as more "creative and aggressive" than their Russian or Chinese counterparts - a characterization the Bybit heist did little to contradict.
Industry analysts aren't expecting a slowdown. Despite measurable security improvements across decentralized finance, the consensus is that high-value, low-frequency attacks will continue through 2026. The incentive structure is simple: one successful breach can outperform dozens of smaller ones, and North Korea has demonstrated it knows how to find that breach.
#crime

Riot Platforms has agreed to pay $20 million in cash to SBI Crypto, bringing an end to a high-profile legal battle tied to a failed 2021 bitcoin mining hosting deal.

Key Takeaways
Riot will pay $20 million to settle its dispute with SBI Crypto.A key court ruling sharply reduced potential damages before the deal.The agreement follows a $185 million Rhodium settlement in 2025.Riot reported record 2025 revenue and is pivoting toward AI and HPC infrastructure.
The agreement removes a major legal overhang just as the company accelerates its pivot toward AI and high-performance computing infrastructure.
The settlement was verbally reached on February 16, 2026, and disclosed in Riot’s annual report on March 3, only a week after trial proceedings began in federal court in Texas. The deal represents a global resolution of all claims by SBI Crypto and counterclaims from Riot’s subsidiary, Whinstone.
The Dispute That Sparked the Lawsuit
The conflict began in April 2023 when SBI Crypto, a subsidiary of Japan’s SBI Holdings, sued Whinstone over alleged breaches of a hosting agreement at Riot’s Rockdale, Texas facility. SBI claimed the infrastructure could not support the promised mining capacity, leading to operational failures and reduced bitcoin output.
Initially, SBI sought more than $175 million in lost profits, plus around $50 million related to equipment costs. However, a key court ruling on February 2, 2026 blocked the use of appreciated bitcoin prices in the damages calculation. That decision sharply reduced Riot’s potential liability and opened the door to the $20 million compromise.
A Second Major Settlement in Rockdale
The SBI resolution follows another significant legal deal completed in April 2025. Riot finalized a $185 million settlement with Rhodium Enterprises, ending a separate, years-long dispute over hosting contracts at the same Rockdale site.
Under that agreement, Riot paid $129.9 million in cash, issued nearly $49 million in common stock, and returned a $6.1 million power security deposit. In return, the company acquired Rhodium’s mining assets and secured full control of 125 megawatts of power capacity, transitioning the facility entirely to self-use.
The deal also included a mutual dismissal of all lawsuits and appeals, effectively providing a global release between the parties. Analysts estimated that exiting the hosting arrangement could save Riot more than $90 million over six years, while also reducing legal costs that had reportedly climbed to roughly $5 million per quarter.
Record Revenue and a Strategic Pivot
With both disputes now resolved, Riot reported record revenue of $647.4 million for fiscal year 2025, up from $376.7 million in 2024. As of early March 2026, the company held 18,005 BTC, valued at approximately $1.19 billion.
At the same time, management is reshaping Riot’s long-term strategy. The company is moving beyond a pure bitcoin mining model and increasingly positioning itself as a provider of infrastructure for artificial intelligence and high-performance computing workloads.
Clearing Legal Overhangs to Refocus Growth
The $20 million settlement with SBI may be far below the original claims, but strategically it closes a contentious chapter. Combined with the Rhodium agreement, Riot has effectively exited legacy hosting contracts and consolidated full control of its Rockdale operations.
With litigation risks largely contained and infrastructure fully aligned with its new direction, Riot now appears focused on deploying capital toward mining efficiency and AI-HPC expansion rather than courtroom battles.
#RIOT #crime

A former Los Angeles Police Department officer was found guilty Monday of kidnapping and robbery after he and a crew of accomplices impersonated police officers to steal $350,000 in Bitcoin from a 17-year-old in a Koreatown high-rise.

Key Takeaways
Former LAPD officer convicted of kidnapping and robbery over a $350,000 Bitcoin heist.Fake police raid used vests, handcuffs, and insider access to target a 17-year-old.Victim threatened with violence before handing over crypto hard drive.Jury rejected defense claim about the origin of the Bitcoin.
Eric Halem, 38, was convicted March 2, 2026, following less than a day of jury deliberation at Los Angeles County Superior Court. Sentencing is scheduled for March 31.
The Robbery
On December 28, 2024, Halem and his co-conspirators entered a residential high-rise wearing police vests and told occupants they were there to execute a search warrant. They used an access code - provided by an inside contact - to bypass building security. Once inside the unit, they restrained the victim's girlfriend using LAPD-issued handcuffs.
When the 17-year-old returned to the apartment, the men threatened to shoot him in the foot, waterboard him, and kill him. He eventually handed over a hard drive holding the cryptocurrency. The entire operation bore the hallmarks of a calculated, intelligence-driven heist rather than an opportunistic crime.
Who Is Eric Halem?
Halem spent 13 years with the LAPD before resigning in 2022. At the time of the robbery, he held the status of active reserve officer — a detail prosecutors leaned on heavily to establish how he obtained department-issued restraints and understood police protocols well enough to sell the impersonation.
Outside law enforcement, Halem ran DriveLA, a luxury car rental business, and was reportedly in development on a reality TV show centered on his lifestyle. He was already under investigation for insurance fraud involving a staged accident with a Bentley when he was arrested for the Bitcoin theft — a sequence of events that painted a portrait of someone long comfortable bending rules before crossing into violent crime.
Halem's legal team attempted to muddy the waters at trial by eliciting testimony suggesting the victim's cryptocurrency was itself obtained through fraud. The argument did not move the jury. The origin of stolen property has no bearing on whether a robbery occurred, and deliberations wrapped up quickly.
A Growing Pattern
The case fits an increasingly recognized template: criminals using the perceived authority of law enforcement to coerce victims into surrendering digital assets. Cryptocurrency, unlike cash, leaves no physical trace once transferred — making it a high-value target for organized theft operations willing to use violence.
The parallels to the 2024 federal conviction of Remy St Felix are notable. St Felix led an interstate ring that kidnapped victims across multiple U.S. states to extract Bitcoin access through physical force. Halem's case suggests the tactic has taken root at the local level as well, with participants drawn from institutions that provide both tactical knowledge and credibility.
Halem's co-defendants, including Gabby Ben, have not yet stood trial. Prosecutors allege Ben has ties to the Israeli criminal underground and was closely connected to Moshe Matsri. The broader network behind the robbery remains an open question as those cases proceed.
#bitcoin #crime

Alexey Pertsev, the founder of the cryptocurrency anonymization service Tornado Cash, is facing charges from Dutch authorities for alleged involvement in laundering a sum of $1.2 billion.
Alexey Pertsev Accused of Over Thirty Illegal Acts
Tornado Cash is increasingly coming under scrutiny for its association with cryptocurrency crime, rather than providing intended services. Dutch investigators have been tracking Pertsev in connection with a series of investigations, including 36 suspicious transactions. Among the most prominent was 175 ETH transferred from the Ronin Bridge crypto protocol, linked to Axie Infinity.
Other illegal transactions subject to Dutch prosecutors' charges include transactions via decentralized protocols Harmony and Nomad Bridge.
Keith Cheng, lawyer for Alexey Pertsev, stated that "prosecutors accuse Pertsev of money laundering and generally describe it, but do not specify the specific acts allegedly committed."
Dutch authorities, however, strongly accuse Pertsev of involvement in money laundering. This claim gains weight considering that Pertsev was arrested in August 2022 by the Dutch Fiscal Information and Investigation Service (FIOD) on suspicion of laundering $7 billion in cryptocurrencies.
OFAC Sanctions Against Tornado Cash
Before Pertsev's arrest, Tornado Cash was sanctioned by the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury for involvement in money laundering totaling several billion dollars. Among the organizations accused of using Tornado Cash services was the North Korean hacking group Lazarus.
Pertsev was arrested shortly after these sanctions, but was later released on bail. In August of the following year, he was arrested again, this time on charges of money laundering, with the arrest conducted by the FBI. This occurred at a time when the cryptographic detective ZachXBT reported tracking a suspicious wallet linked to Tornado Cash since the beginning of 2023.
Since his first arrest in 2022, Pertsev has vehemently denied any involvement in money laundering or violations of money laundering laws.
The trial of Alexey Pertsev is scheduled for March 26 in the Netherlands.
#crypto #crime

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Two teenagers from California are facing adult felony charges after authorities say they carried out a violent home invasion in Scottsdale, Arizona, targeting a family they believed controlled tens of millions of dollars in cryptocurrency.

Key Takeaways
Two teenagers allegedly targeted a Scottsdale home in a failed attempt to steal $66 million in cryptocurrency.The suspects posed as delivery drivers, assaulted residents, and fled before being arrested after a brief police chase.Investigators say the attack may be part of a growing trend of violent “wrench attacks” linked to crypto theft.
According to investigators, the incident unfolded on January 31, 2026, when 17-year-old Jackson Sullivan and 16-year-old Skylar LaPaille allegedly drove more than 600 miles from San Luis Obispo County to the Sweetwater Ranch neighborhood in Scottsdale. Prosecutors say the pair were attempting to steal roughly $66 million in digital assets, but the plan collapsed after police arrived during the attack.
Delivery disguise used to gain entry
Police say the suspects posed as delivery workers, wearing FedEx- or UPS-style uniforms and carrying a moving dolly. When a resident opened the door, the teens allegedly forced their way inside. A male victim was thrown to the ground, while two adults were restrained with duct tape.
During the assault, the suspects reportedly demanded access to the family’s cryptocurrency holdings. When one victim denied having control over any digital assets, investigators say the attackers escalated the violence, forcing his head into the ground.
A third victim, the adult son of the household, was elsewhere in the home at the time. Authorities say he managed to hide and call emergency services while the assault was still in progress.
Arrest after brief chase
Scottsdale police arrived quickly, triggering a chaotic escape attempt. The suspects fled in a blue Subaru fitted with stolen license plates, leading officers on a short pursuit that included driving into oncoming traffic. The chase ended at a dead end, where police boxed in the vehicle and arrested both teenagers without further injuries.
During the arrest, officers recovered a 3D-printed firearm from the suspects. The weapon contained no ammunition, and investigators have not confirmed whether it was functional.
Alleged recruitment via encrypted messaging
Investigators believe the teens did not act alone. According to police filings, Sullivan and LaPaille claimed they were contacted through the encrypted messaging app Signal by individuals known only as “Red” and “8.”
These alleged organizers are believed to have supplied the Scottsdale address and sent $1,000 to cover expenses. Authorities say the money was used to purchase disguises, duct tape, and other supplies at Target and Home Depot. Detectives are still working to identify and locate the alleged coordinators.
Facing adult charges
Both suspects are charged with eight felony counts, including kidnapping, aggravated assault, second-degree burglary, aggravated robbery, possession of burglary tools, and fraudulent schemes and artifices. Sullivan also faces an additional charge for unlawful flight from law enforcement.
Although initially held in juvenile detention, both teens were later released on $50,000 bonds and are now under electronic monitoring while awaiting trial as adults.
Part of a growing crypto crime trend
Security analysts have classified the Scottsdale case as a “wrench attack,” a term used to describe physical assaults aimed at forcing victims to hand over digital assets. The attack is believed to be the first such case recorded in the U.S. in 2026, following a sharp increase from 41 reported incidents in 2024 to around 70 in 2025.
The home invasion occurred on the same day Nancy Guthrie, the mother of Savannah Guthrie, was reported missing in Tucson. While a separate cryptocurrency ransom demand linked to that case led to the arrest of a California man, authorities have stated there is no direct evidence connecting the Scottsdale teenagers to the Guthrie investigation.
Law enforcement officials say the case highlights the growing risks faced by individuals perceived to hold large amounts of cryptocurrency, particularly as organized groups increasingly turn to real-world violence when digital theft proves difficult.
#crime

A federal police officer from Australia denies allegations of unauthorized confiscation of bitcoins from a hardware wallet at the scene of intervention and their transfer to the Binance cryptocurrency exchange.
The Australian anti-corruption agency (NACC) accused this federal police officer of emptying the Trezor hardware wallet, containing 81.62 bitcoins, at the scene of the incident. To support their claim that the bitcoins were transferred to his ownership, authorities relied on cryptocurrency tracking programs.
Raid Reveals an Empty Wallet
According to recent information, the police discovered the wallet during a drug raid at the accused's house, but waited approximately three weeks for a court order to open it. When it was finally opened, there were no bitcoins inside the wallet, as Federal Detective William Wheatley likely transferred them shortly after the raid.
At the time of the raid in 2019, the wallet was valued at $309,000, but its value now stands at approximately $4.2 million.
Tracking and Disclosure: Significance of Cryptocurrency Software
Detective Sergeant Deon Achtypis from the cybercrime unit stated that authorities initially suspected someone from a criminal syndicate might be responsible for the bitcoin theft.
Suspicion fell on Wheatley after the discovery of the wallet's recovery phrase device, a series of 12 to 24 random words used to regain access in case of wallet loss or theft.
Extensive investigation of IP addresses used to access the stolen bitcoins through cryptocurrency tracking software eventually led Achtypis to Wheatley.
Disclosure and Legal Ramifications
"I judge that a member of the police force may have been involved in cryptocurrency manipulation."
Globally, law enforcement agencies are adopting cryptocurrency tracking software to uncover illegal activities associated with digital currencies.
In August 2023, Canadian law enforcement agencies announced the initiation of using Chainalysis Reactor software to track illegal crypto transactions.
Furthermore, the development of encryption detective software leads to higher success in recovering stolen cryptocurrencies. On January 29, over $674 million was retrospectively recovered from over 600 major cryptocurrency hacks.

Defense of the Accused
Meanwhile, Wheatley maintains his innocence in the accusations of abuse of public office for personal gain, theft, and involvement in criminal activity.
He is determined to face charges related to the stolen bitcoins from the Trezor wallet, which occurred at a time when Trezor reported a security flaw affecting nearly 66,000 users.
On January 1, it was announced that Trezor detected unauthorized access to a third-party support portal on January 17, warning of potential user data compromise for those who communicated with the Trezor support team since December 2021.
 $BTC
#Bitcoin #crime #Australia #BTC
 
 
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“