Major U.S. cloud software provider Blackbaud has agreed to bolster its security defenses and remove unneeded customer data from its systems to settle charges by the Federal Trade Commission alleging …
A former security engineer for an international technology firm has been arrested and charged for allegedly using a smart contract bug to steal $9 million in cryptocurrency from a Solana-based decentralized crypto exchange.
On June 11, the United States Attorney for the Southern District of New York Damian Williams announced the “first-ever criminal case” involving an attack on a smart contract operated by a decentralized exchange (DEX).
In a statement, Williams claims the accused — Shakeeb Ahmed — “used his expertise to defraud the exchange and its users and steal approximately $9 million in cryptocurrency.”
U.S. Attorney Damian Williams announces the first-ever criminal case involving an attack on a smart contract operated by a decentralized cryptocurrency exchange pic.twitter.com/j3JPv2L612
— US Attorney SDNY (@SDNYnews) July 11, 2023
Williams said the attack was carried out in July 2022 and was aimed at a Solana-based DEX.
The attack involved exploiting a vulnerability in the exchange’s smart contracts to generate inflated fees with flash loans.
These were then withdrawn and laundered through a “series of complex transfers on the blockchain where he swapped cryptocurrencies, hopped across different crypto blockchains, and used overseas crypto exchanges.”
While Williams did not disclose the DEX that was exploited in July, previous reporting from Cointelegraph reveals an unknown hacker exploited Solana-based liquidity protocol Crema Finance on July 2, 2022, stealing $9.6 million in cryptocurrency.
The exploiter later returned most of the funds but was allowed to keep $1.6 million as a white hat bounty.
Similarly, William’s statement also noted that Ahmed decided to return all of the stolen funds except for $1.5 million on condition the crypto exchange did not refer the attack to law enforcement.
“None of those actions covered the defendant’s tracks or fooled law enforcement, and they certainly didn’t stop my Office or our law enforcement partners from following the money,” he said.
Ahmed was arrested in New York and has been indicted on charges of wire fraud and money laundering related to the attack of the Solana-based DEX in July 2022.
Cointelegraph…
A New York man employed at a medical testing lab in New Jersey allegedly sabotaged his competitor’s operations by posing as a repairman to enter the other laboratory’s offices, based in Millburn, and disabled their computer systems and security devices, according to the Justice Department.
Eric Leykin, 32, of Brooklyn, was indicted in federal court last week on charges of wire fraud, accusing him of using a prepaid cellphone to call his competitor in July 2022, posing as an employee from the lab’s tech support firm, and made an appointment to service their equipment the following day, according to court documents.
Upon arriving at the facility, Leykin allegedly proceeded to sever wires connected to the lab’s security system, removed multiple computer hard drives, unplugged the company’s backup generator and damaged various testing devices, the indictment claims.
If convicted, Leykin could serve up to 20 years in federal prison and face a fine of either $250,000 or an amount equal to the company’s financial losses as a result of the alleged scheme.
This article originally appeared on NorthJersey.com: NJ medical lab employee accused of sabotage, posing as repairman
Traditional “Pump and Dump” schemes involve stimulating investor interest in low-cost (typically less than $1 per share) stock using press releases, cold calls, and social media advertising to spread false or misleading information about the issuing company. As the U.S. Securities and Exchange Commission (“SEC”) warns on its “Investor.gov” website, “fraudsters typically …[seek] to create a buying frenzy that will ‘pump’ up the price of a stock and then ‘dump’ [i.e. sell] …their own shares at the inflated price.” See my July 25, 2022, blog “Mony a Mickle Maks a Muckle: SEC Charges Foreign Nationals with Two Microcap Frauds,” where the prices of the low-priced stock (generally called “microcap” securities or “penny stock”) were inflated because of undisclosed promotional campaigns, followed by carefully organized selling operations at the peak prices by the miscreants. Now comes a major technological innovation to such a scheme (the “Hack Attack”), where there is only limited need to expend the time, money, or efforts on a promotional campaign to raise the stock price; the retail investors do not have to be induced to actually buy the “dumped” stock.
On Monday, August 15, 2022, the SEC filed a Complaint (the “Complaint”) in the Federal Court for the Northern District of Georgia, Atlanta Division, charging 13 individuals, five entities, and two relief defendants with i) illegally accessing at least 31 retail brokerage accounts in the U.S. in late summer of 2017 and in early 2018; and ii) causing those accounts to purchase the securities of two microcap securities: Lotus Bio-Technology Development Corp., a Nevada corporation based in Port Coquitlam, British Columbia, Canada, after moving from Point Roberts, Washington (“LBTD”); and Good Gaming, Inc., f/k/a HDS International Corp., also a Nevada corporation based in Kennett Square, Pennsylvania (“GG”). The stock of each company is quoted on the OTC Link operated by OTC Markets Group, Inc. For a detailed description of the OTC Market Group, Inc., and the OTC Link, see my Oct. 29, 2020, Blog “Keeping Securities Disclosures in the Pink: Amendments to SEC Rule 15c2-11.” LBTD…