CoinDCX Employee Arrested In Connection With $44M Heist

July 31, 2025

Read also: Laptop farm operator involved in N.Korean IT worker fraud gets 8 years in prison, BlackSuit ransomware sites seized by law enforcement, and more.

CoinDCX software engineer arrested in connection with $44M crypto heist

Indian police have arrested a 30-year-old software engineer working for CoinDCX crypto exchange. The engineer in question, Rahul Agarwal, was taken into custody after investigators linked his company-issued laptop to a $44 million breach that took place earlier this month.

According to authorities, the hack occurred in the early hours of July 19 and was first flagged when a seemingly trivial transfer of 1 USDT (Tether) to an external wallet triggered internal alerts. Within hours, massive unauthorized transfers were executed across six separate crypto wallets, draining millions from the platform.

Agarwal, a full-time employee at CoinDCX, had been issued a laptop designated solely for official use. Internal audits revealed that his laptop was the only device compromised during the breach. The authorities then discovered an unexplained payment of over $17,000 deposited into Agarwal’s personal account.

During questioning, Agarwal denied direct involvement in the theft but admitted to using the company laptop for freelance work, which is strictly prohibited by CoinDCX’s internal policies. He also said he had received a suspicious WhatsApp call from a German number and files from unknown clients that may have infected his system. He claimed he did not know who the clients were, as he took jobs from various private parties without checking their backgrounds. Investigators are now examining whether the breach was the result of negligence, a targeted cyber-attack, or a coordinated insider operation.

Laptop farm operator involved in North Korean IT worker fraud gets 8 years in prison

Christina Marie Chapman was sentenced to 102 months in prison for her role in a large-scale fraud scheme that enabled North Korean IT workers to illegally obtain employment with hundreds of US companies, generating over $17 million in revenue for the Democratic People’s Republic of Korea (DPRK). In addition to prison time, Chapman was ordered to serve three years of supervised release, forfeit nearly $285,000, and pay $176,850 in restitution.

The scheme allowed North Korean IT workers, posing as US citizens or residents using stolen identities, to secure remote jobs at 309 American companies, including major corporations across sectors such as media, aerospace, technology, and automotive manufacturing.

According to the authorities, Chapman ran a “laptop farm” from her home. She received and managed laptops from US employers under the false pretense that the work was being conducted domestically. Authorities seized over 90 laptops during an October 2023 search of her residence. Chapman also shipped company-issued devices overseas, including multiple shipments to China, near the North Korean border.

In parallel, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) has imposed sanctions on three North Korean nationals, as well as the Korea Sobaeksu Trading Company, for their involvement in the North Korean remote IT worker schemes.

BlackSuit ransomware sites seized in a global law enforcement op

Law enforcement agencies have taken down the Dark Web infrastructure of the BlackSuit ransomware operation, one of the most prolific cybercriminal groups in recent years. The seizure was part of a coordinated international crackdown dubbed ‘Operation Checkmate.’

Initially operating as Quantum, the RaaS rebranded as Royal in 2022–2023, followed by BlackSuit in 2023, and now appears to be rebranding once more as Chaos. It should be noted that the new endeavor is unrelated to previous Chaos builder-generated variants.

The total ransom demands attributed to the group have exceeded $500 million, with individual extortion attempts reaching as high as $60 million. BlackSuit primarily targeted commercial and public sector organizations outside of the CIS region, particularly in the US, Europe, and Japan. As of now, there is no official information on whether any arrests were made in connection with Operation Checkmate.

Meanwhile, the FBI announced the seizure of over 20 Bitcoins from a cryptocurrency wallet linked to a member of the Chaos ransomware group. The funds were traced to an affiliate known as ‘Hors,’ who is suspected of carrying out cyber-attacks and extortion schemes targeting businesses in the US.

In recent years, international authorities have increasingly targeted ransomware gangs and the RaaS infrastructure. In October 2024, authorities arrested four individuals connected to the infamous LockBit ransomware group, including a developer, a bulletproof hosting service administrator, and two additional affiliates. Following the arrests, the US Treasury Department sanctioned several members of LockBit.

In November of the same year, Russian authorities apprehended Mikhail Matveev, aka ‘Wazawaka,’ a well-known ransomware actor. Around the same time, Russian national Evgenii Ptitsyn, an administrator for the Phobos ransomware group, was extradited from South Korea to the US to face criminal charges. In December 2024, a Romanian national involved in the Netwalker ransomware operation was sentenced to 20 years in prison. More recently, Kazakh authorities have arrested a man from the city of Almaty in connection with a series of ransomware attacks. He is accused of infiltrating servers belonging to foreign companies, encrypting their data, and demanding ransom payments.

As part of the efforts to neutralize ransomware threats, Europol launched Operation Endgame, a multi-agency initiative aimed at dismantling malware droppers, the tools used in the initial stages of ransomware attacks. The operation resulted in the takedown of 100 servers and over 2,000 domains linked to the dropper ecosystem. Four individuals were arrested, including one suspect who reportedly earned at least $70 million by leasing infrastructure for ransomware deployment.

In the latest phase of Operation Endgame, authorities dismantled critical infrastructure used to deploy ransomware, taking down around 300 servers and disabling 650 domains worldwide. International arrest warrants were also issued for 20 suspects linked to the operation.

Developers of Samourai Wallet plead guilty to unlicensed money transmitting charge

Keonne Rodriguez and William “Bill” Lonergan Hill, the developers behind the privacy-focused Bitcoin mixing service Samourai Wallet, have pleaded guilty to one count each of conspiracy to operate an unlicensed money transmitting business. The pair initially pleaded not guilty in April 2024 to charges alleging they ran a crypto service that processed more than $2 billion in unlawful transactions, including funds linked to Dark Web marketplaces such as Silk Road.

Samourai Wallet, launched in 2015, marketed itself as a tool for enhancing privacy in Bitcoin transactions using techniques such as coin mixing. Authorities argue the service was used extensively to conceal proceeds from criminal activities.

The developers now face up to five years in prison for the lesser money-transmitting offense. The plea deal also includes a forfeiture agreement totaling nearly $238 million, with $6.3 million to be paid before sentencing, which is scheduled for November of this year.

In an unrelated case, Cameron Albert Redman, a 22-year-old Canadian national, was sentenced to one year in prison for conspiracy to commit wire fraud, wire fraud, and conspiracy to commit aggravated identity theft. In May 2022, Redman and his co-conspirators stole over $794,000 by hacking the X accounts of digital artists and tricking their followers into visiting fake NFT sites. Victims were misled into authorizing transactions that allowed the conspirators to steal their cryptocurrency and NFTs, affecting over 200 individuals.

Fraudster convicted in multi-million dollar romance scam

Kenneth G. Akpieyi, also known as “Phillip Anderson,” a US citizen, has been convicted on multiple charges stemming from a years-long romance scam that defrauded victims of more than $3 million. Akpieyi was found guilty of conspiracy to commit mail and wire fraud, conspiracy to commit money laundering, and mail fraud.

Using platforms like Facebook and Instagram, Akpieyi and his accomplices gained their victims' trust before moving conversations to encrypted apps like WhatsApp. Once emotional ties were established, the perpetrators fabricated urgent financial needs to solicit money from their victims.

Akpieyi funneled victim funds through his business using multiple bank accounts to obscure the origins and destinations of the money. The funds were traced to overseas accounts, including in China and the United Arab Emirates.

Akpieyi’s sentencing is scheduled for November 5, 2025. He faces up to 20 years in prison for each count of mail fraud and conspiracy to commit mail and wire fraud, along with a fine of up to $250,000 or twice the gross gain or loss. The money laundering conspiracy charge also carries a maximum sentence of 20 years and a fine of up to $500,000.