US and European Law Enforcement Authorities Shut Down ChipMixer, Cryptocurrency Mixer Used by Cybercrooks
Read also: two cybercriminals charged with a 2022 US law enforcement database hack, scammers are stealing money and data on the collapse of Silicon Valley Bank, and more.
Thursday, March 16, 2023
US, Germany shutter ChipMixer platform suspected of laundering ransomware payments
US, German authorities in cooperation with law enforcement agencies in Belgium, Poland and Switzerland shut down ChipMixer, a well-known cryptocurrency mixer used by cybercrooks.
The police took down the platform on March 15, seizing four servers, 7TB of data, and over 1,900 Bitcoins (~44.2 million euros). Europol said in a press release that the service that has been in operation since mid-2017 was used by cybercriminals to launder funds obtained via illicit activities like drug and weapons trafficking, ransomware attacks (namely, Zeppelin, SunCrypt, Mamba, Dharma, Lockbit), and payment card fraud. It is said that some 152 000 Bitcoins (about 2.73 billion euros in current estimations) in crypto assets may have been laundered through ChipMixer.
A suspected Vietnamese operator of ChipMixer has been charged in the US with money laundering, operating an unlicensed money transmitting business and identity theft, connected to the operation of ChipMixer.
Police shut down NetWire RAT malware infrastructure, alleged website admin arrested
Law enforcement authorities took down a web domain and hosting server linked to the infamous NetWire multi-platform remote access trojan used by cybercriminals worldwide to compromise computers and steal data. The NetWire malware has been available for purchase (ranging between $80 and $140 depending on features) on hacker forums and via its official website (worldwiredlabs[.]com) since 2012.
As part of the coordinated international law enforcement effort a suspected administrator of the website was arrested in Croatia.
Euler Finance hacked for $196 million
UK-based DeFi lending protocol Euler Finance has lost $196 million in crypto assets in a flash loan attack estimated to be the largest DeFi hack in 2023 so far.
Euler Finance has confirmed the incident in its official Twitter account without providing any information about how and when the attack occurred. According to numerous blockchain security experts, the hacker took advantage of a weakness in Euler’s donateToReserves() function to execute multiple calls with different currencies to generate profit.
Two 'ViLE' cybercrime gang members charged with a 2022 US law enforcement database hack
Two US men suspected to be members of the notorious “ViLE” cybercrime group have been charged for their alleged role in an extortion scheme that involved breaching a restricted database belonging to the US Drug Enforcement Agency (DEA) and a Bangladeshi police official’s email account.
As alleged by the authorities, the suspects, 19-year-old Sagar Steven Singh (aka “Weep”) and 25-year-old Nicholas Ceraolo (aka “Convict” and “Ominous”) used stolen credentials to access the DEA portal containing detailed information, including nonpublic records of narcotics and currency seizures and intelligence reports. The suspects then used the stolen data to blackmail individuals named in the reports, threatening to leak their personal information on a public-facing website.
The breached Bangladeshi police officer’s email account was also used to defraud social media companies by asking information about users.
Both Singh and Ceraolo face up to 5 years in prison for conspiracy to commit computer intrusions. Separately, Ceraolo faces up to 20 years’ imprisonment for conspiracy to commit wire fraud.
Scammers are capitalizing on the collapse of Silicon Valley Bank to steal money and data
The collapse of the startup-focused lender SVB Financial Group, considered to be the biggest bank failure since 2008, has sent shockwaves through the technology and banking industries, at the same time providing a great opportunity for cybercriminals to steal money and data via phishing scams or Business Email Compromise (BEC) schemes.
Multiple security researchers warn of an increase in domain registrations containing the term “SVB” since the Silicon Valley Bank failure on March 10. These domains could be used to perpetrate operations aimed to steal funds, account data, or infect targets with malware. In fact, Proofpoint has already spotted one such campaign designed to steal cryptocurrency from victims’ crypto wallets.
What’s next:
- Follow ImmuniWeb on Twitter and LinkedIn
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Cybercrime Prosecution Weekly is a digest of most important events related to cybercrime investigation and prosecution, cyber law, as well as to new data breaches and security incidents that deserve attention of our customers and partners. 
