Alleged Fraud Kingpin Deported to China

Each week, Info Safety Media Group rounds up cybersecurity incidents in digital belongings. This week, an alleged fraud kingpin deported to China, Bitfinex hacker gained early launch, Unleash Protocol’s $3.9M hack, TRM tied crypto thefts to the LastPass breach, Belief Pockets’s hyperlink to the Sha1-Hulud assault, Circulation’s NFT mortgage fallout, Ledger’s information publicity and Kontigo reimbursements.

See Additionally: Revolutionizing Cross-Border Transactions with Permissioned DeFi

A businessman accused by U.S. authorities of operating an enormous crypto fraud community has reportedly been detained in Cambodia and deported to China, months after U.S. prosecutors moved to grab billions of {dollars} in bitcoin allegedly linked to his operations. Cambodian officers stated that Chen Zhi, founder and chairman of the Prince Group conglomerate, was arrested and transferred to China at Beijing’s request following a joint investigation. Authorities didn’t say whether or not Chen will face prices in China (see: Cambodian Conglomerate a ‘Pig Butchering’ Outfit, Says US).

U.S. prosecutors allege Chen oversaw forced-labor rip-off compounds in Cambodia that generated billions of {dollars} by means of cryptocurrency funding and romance scams. In October, the U.S. Division of Justice filed its largest-ever forfeiture motion, searching for to grab roughly $15 billion in bitcoin and extra belongings tied to the alleged scheme. The case has taken on geopolitical dimensions, with Chinese language officers disputing points of the U.S. seizure and claiming hyperlinks to an earlier bitcoin theft (see: China Accuses US of $13B Theft).

TRM Lab’s Ari Redbord wrote on LinkedIn that Chi’s switch to China “marks a significant inflection level in one of the crucial important transnational monetary crime circumstances ever pursued by U.S. authorities.” Ought to China prosecute Chen, “from a U.S. perspective, justice can be incomplete: belongings seized and networks disrupted, however no defendant standing trial in a U.S. courtroom.”

Ilya Lichtenstein, the Russian-U.S. nationwide who hacked crypto change Bitfinex and stole almost 120,000 bitcoin, was launched from jail early below the First Step Act, a bipartisan prison-reform regulation signed by U.S. President Donald Trump. Lichtenstein, 38, pleaded responsible to a cash laundering conspiracy cost and admitted to the 2016 Bitfinex hack. A federal courtroom sentenced him in November 2024 to 5 years in jail, with credit score for time served following his 2022 arrest.

Lichtenstein stated on social media he’s now on residence confinement. Lichtenstein’s spouse Heather Morgan, who additionally pleaded responsible to serving to launder the stolen funds, confirmed his launch.

TRM Labs world head of coverage Ari Redbord clarified that the transfer to residence confinement doesn’t replicate a pardon or commutation by Trump. Redbord stated the First Step Act, handed by Congress in 2018, permits the Bureau of Prisons to award earned time credit and switch inmates into prerelease custody. The sentence itself stays in impact and supervision continues, solely the place of confinement has modified.

Morgan, who additionally pleaded responsible to laundering the stolen funds, was sentenced to 18 months and has additionally been launched early below the identical regulation.

Unleash Protocol, a decentralized platform that tokenizes mental property to be used in decentralized finance, suffered a lack of about $3.9 million following an unauthorized sensible contract improve. The corporate stated an externally owned tackle gained signing authority to behave as an administrator inside Unleash’s multisig governance system. Utilizing that entry, the attacker modified a contract with out approval, enabling asset withdrawals outdoors established governance processes.

The exploit allowed the removing of a number of belongings, with blockchain safety agency PeckShield Alert, estimating the whole losses at roughly $3.9 million. After the withdrawals, the attacker bridged the funds by means of third-party infrastructure and in the end deposited funds into Twister Money to obscure transaction trails.

Unleash Protocol has paused operations, engaged exterior safety specialists and begun investigating the incident.

Blockchain intelligence agency TRM Labs says a wave of cryptocurrency thefts in 2025 might be traced again to the 2022 LastPass breach, with attackers draining wallets months or years after encrypted password vaults had been stolen. LastPass disclosed that attackers compromised a developer setting and later accessed encrypted buyer vault backups. Some vaults contained cryptocurrency personal keys and seed phrases together with passwords.

Though the vaults had been encrypted, TRM says weak or reused grasp passwords allowed attackers to crack them offline over time. Somewhat than fast theft, wallets had been drained in delayed waves, indicating the attackers already possessed the personal keys.

TRM traced the stolen funds as attackers transformed belongings to bitcoin, laundered them by means of Wasabi Pockets’s CoinJoin function and cashed out through Russian-linked exchanges. TRM estimates greater than $35 million was stolen throughout a number of waves.

Belief Pockets says the theft of roughly $8.5 million from greater than 2,500 wallets seemingly hyperlinks to the industry-wide Shai-Hulud provide chain assault that surfaced in November. The incident stemmed from a compromise of Belief Pockets’s Chrome browser extension. Attackers uncovered developer GitHub secrets and techniques, having access to the extension’s supply code and a Chrome Internet Retailer API key. With full entry, they uploaded a Trojanized model of the extension with out Belief Pockets’s inner approval course of.

The attackers embedded malicious JavaScript into model 2.68.0, which harvested delicate pockets information and enabled unauthorized transactions. Additionally they registered lookalike domains to host the malicious infrastructure referenced by the extension. Belief Pockets revoked launch APIs, took down the malicious domains and started reimbursing affected customers.

The aftermath of a Dec. 27 exploit on the Circulation blockchain continues to disrupt the ecosystem, with non-fungible token-backed lending among the many hardest-hit sectors. Though the Circulation Basis stated consumer balances weren’t affected, its resolution to pause the Cadence execution setting till Dec. 29 prevented customers from transacting, together with repaying loans that matured in the course of the outage.

Circulation-based NFT lending platform Flowty stated 11 loans matured in the course of the pause. One mortgage repaid routinely, eight defaulted and two didn’t settle resulting from exploit-related account restrictions. Even after the community resumed, ongoing points together with restricted token swapping have left debtors unable to amass belongings wanted for compensation.

To stop additional pressured defaults, Flowty paused all mortgage settlements on Dec. 30. Loans maturing throughout this era stay excellent with out default or curiosity accrual. Flowty has additionally disabled new mortgage listings till broader community performance stabilizes.

Ledger warned clients of a brand new information publicity involving private info after a safety incident at International-e, a third-party e-commerce and logistics supplier used for worldwide orders. In keeping with an e mail shared on social media by blockchain investigator ZackXBT, the incident concerned unauthorized entry to order information that included buyer names and get in touch with particulars, although the whole variety of affected customers has not been disclosed.

Ledger informed The Block that it was notified of the incident and stated the uncovered information associated to purchases made on Ledger.com, the place International-e acts because the service provider of document. The corporate stated that its personal methods weren’t breached and that its {hardware} wallets, software program and self-custodial structure had been safe. Ledger additionally stated no fee info or cryptocurrency-related secrets and techniques, together with restoration phrases, had been compromised.

Latin America-focused stablecoin banking startup Kontigo stated it contained a safety breach over the weekend and absolutely reimbursed affected customers, returning $340,905 in stablecoins to 1,005 clients by Jan. 6. The corporate disclosed the incident on Jan. 5, with co-founder and CEO Jesus A. Castillo saying his personal account was compromised. Castillo stated Kontigo took duty for the breach, asserting that the corporate has recognized the attackers and they’d face penalties.

The incident comes amid an aggressive progress push for the startup. In late December, Kontigo introduced a $20 million seed spherical led by FoundersX Ventures and outlined plans to increase quickly throughout rising markets. The corporate, based lower than a 12 months in the past and backed by Y Combinator, says it has reached $30 million in annualized income, processed over $1 billion in fee quantity and grown to greater than 1 million energetic customers with a small staff.