From Recruitment to Espionage Detection at Kraken

The incident began with a seemingly routine application for an engineering position. But the candidate’s behavior quickly raised red flags. In the first interview, the applicant joined under a different name than the one listed on their resume, then quickly changed it. Additionally, they occasionally used different voice tones, suggesting they were being coached in real time during the interview.

Kraken had already received warnings from industry partners that North Korean hacker groups were actively applying for jobs at crypto companies. When one of the email addresses used by the applicant matched a suspicious address from these warnings, Kraken’s Red Team (penetration testing unit) launched an investigation.

Using Open-Source Intelligence (OSINT) methods, Kraken’s team researched the applicant. They found that the email address had been leaked in a past data breach and was linked to multiple fake identities. Some of these identities had even been hired by other firms, and one of them belonged to a foreign agent listed under sanctions.

The candidate was also hiding their location using a VPN and accessing remote Mac desktops. The GitHub profile listed on their resume was tied to a previously exposed email. The identification document provided appeared to be fake and likely created using information stolen during a 2019 identity theft case.

The Hacker’s Downfall

Rather than cutting off contact, Kraken advanced the applicant through the hiring process — not to hire them, but to study their tactics. The candidate was subjected to several cybersecurity assessments and identity verification tasks. The final round? A “casual” interview with Kraken Chief Security Officer (CSO) Nick Percoco and other team members.

During this meeting, the applicant faced real-time verification questions: confirming their location, showing a government-issued ID, and even recommending some local restaurants in the city they claimed to live in. The hacker became visibly nervous and flustered, unable to answer the basic questions. It was now clear: this was not a legitimate job seeker, but a state-sponsored attacker attempting to infiltrate the company.

Kraken CSO Nick Percoco commented on the event:

Don’t trust, verify. That’s a core principle of the crypto world and even more critical in the digital age. State-sponsored attacks aren’t just an American issue — they’re a global threat. Any person or business managing value is a potential target.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates

The post North Korean Hacker Tried to Infiltrate Kraken Exchange! appeared first on Coin Engineer.

According to blockchain security firm CertiK, the most significant loss was the $13 million smart contract exploit of the Abracadabra.money decentralized lending protocol on March 25.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

Major Code Vulnerabilities and Wallet Breaches

• Code vulnerabilities accounted for over $14 million in losses.
• Wallet compromises resulted in over $8 million being stolen.
• The Zoth protocol suffered a $8.4 million loss after its deployer wallet was compromised.

Some Funds Were Recovered!

While over $33 million was stolen in total, decentralized exchange aggregator 1inch successfully recovered most of the $5 million stolen in a March 5 exploit after negotiating a bug bounty agreement with the attacker.

However, blockchain investigator ZachXBT claimed that an unidentified Coinbase user lost 400 Bitcoin ($34 million).

Additionally, the Australian Federal Police warned 130 people on March 21 about a crypto scam impersonating exchange sender IDs.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Crypto Fraud Losses Drop in March appeared first on Coin Engineer.

North Korea-Linked Lazarus Group in Action!

According to a pseudonymous crypto analyst, the Lazarus Group, linked to North Korea, has successfully laundered the majority of the funds stolen from Bybit on February 21. Only 156,500 ETH remains to be moved, which is expected to happen within the next three days.

You Might Be Interested In: Elon Musk Talks About the Name of a New Memecoin!

The FBI has flagged 51 Ethereum addresses, while Elliptic has identified over 11,000 wallet addresses connected to the hackers. Chainalysis reports that the attackers have converted portions of the stolen Ether into Bitcoin (BTC), Dai (DAI), and other assets using DEXs, cross-chain bridges, and instant swap services.

THORChain Under Fire!

Hackers have been utilizing decentralized protocols to obscure their transactions. One of the most criticized platforms in this process has been THORChain. Developer “Pluto” announced they would no longer contribute to the protocol after a proposal to block North Korean hacker-linked transactions was overturned.

The Bybit hack, with a $1.4 billion loss, is the biggest exploit in crypto history, surpassing the $650 million Ronin Bridge hack from March 2022 by more than double.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

The post Bybit Hackers Resume Laundering! appeared first on Coin Engineer.

The infamous hacker Anubis has resurfaced after a three-year hiatus, introducing a new token that has already shown a staggering 153-fold increase in value. Initially launched with just 2 ETH in liquidity, the token has quickly gained attention within the cryptocurrency community.

New Token: ANKH

The new token, named ANKH, has rapidly gained popularity among investors. However, caution is advised with this token due to the hacker’s previous history of disappearing with investors’ ETH in past projects.

Leaked Seed Phrase and Security Concerns

The launch of the token has already been marred by a security scandal. There are claims that the seed phrase for the ANKH contract address has been leaked, allowing anyone with access to it to mint additional ANKH tokens, potentially driving the token’s value to zero.

Past Scandal: AnubisDAO

n 2021, Anubis made headlines with the AnubisDAO project. This project faced allegations from investors claiming they were defrauded of a total of 60 million USD in ETH. Marketed as a decentralized reserve currency supported by bond sales and liquidity provider fees, AnubisDAO managed to attract significant investment through its Discord servers and active Twitter accounts, despite lacking a website.

READ: Pyth Network Launches Express Relay to Combat MEV in DeFi.

On October 28, 2021, AnubisDAO launched a token sale on the Copper platform. Participants exchanged ETH for ANKH tokens, raising 60 million dollars in ETH in less than 24 hours. However, just twenty hours after the sale, a shocking event occurred where 13,597 ETH was mysteriously withdrawn from the token sale pool and transferred to an unknown address.

Conclusion and Investment Warning

The developments surrounding the ANKH token and the previous scandal highlight significant risks for investors. It is crucial to consider these factors before making any investment decisions.

This article does not constitute investment advice

The post Lost Hacker Returns with New Altcoin After $60 Million Disappearance! appeared first on Coin Engineer.

The hacker(s), who had not moved the ETH for a long time, sent the ETH to Tornado Cash in batches of 100. Experts believe that the Lazarus Group, which is linked to North Korea, is behind the attack and theft. The fact that the attackers have not responded to any of Poloniex’s reward offers so far further strengthens this possibility.

The Lazarus Group made a name for itself in 2022 with the Ronin Network attack, stealing $600 million worth of cryptocurrency.

The US banned Tornado Cash last year, citing its use in laundering funds from attacks to support North Korea’s nuclear weapons program. A Tornado Cash developer was also arrested in the Netherlands last year for this reason.

The cryptocurrency world argues that applications like Tornado Cash protect privacy, a human right, and should not be banned.

The US recently arrested the developers and founders of Samurai Wallet for similar reasons.

The post Hacker Launders 1100 ETH Through Tornado Cash appeared first on Coin Engineer.

In an ambitious on-chain message, the hacker laid out his vision for transforming KyberSwap. They are promising to overhaul the entire platform, something that will elevate it from its current position as the 7th most popular decentralized exchange (DEX) to a groundbreaking cryptographic project. They claim that liquidity providers will get their rewards for their market-making efforts.

You might also like: What is Yearn Finance?

While some people view the hacker’s demands as a desperate attempt to legitimize their actions, others are concerned that this sets a dangerous precedent for the future of decentralized finance (DeFi). There are doubts about claims that the hacker has a better plan than the current management of the platform, and the threat of invalidating the “agreement” if any legal action is taken has raised concerns about the hacker’s intentions.

The KyberSwap team has yet to respond to the hacker’s demands, but the pressure is mounting. The deadline of December 10th is approaching and the fate of KyberSwap remains uncertain. Even while the hacker holds the stolen funds, and has the power to disrupt the platform’s operations.

The post KyberSwap Hacker Shocked Community! appeared first on Coin Engineer.

The hacker’s latest message came in response to the reward deal initially suggested by KyberSwap. Under that agreement, the hacker would return 90% of the stolen funds and keep the remaining 10%. However, KyberSwap responded with the threat of legal action if the attacker did not comply immediately.

Undeterred by KyberSwap’s threats, the hacker continued to challenge, stating they would be willing to negotiate if treated with respect. The attacker proposed a new deal with KyberSwap to be announced on November 30th, but cautioned it would not be published if the hostility continued.

You may be interested: New Mechanism from Chainlink!

This latest development sent shockwaves through the cryptocurrency community as the fate of the stolen funds remained up in the air. The hacker’s demands for a more civil negotiation tone may signal a desire to reach a friendly resolution, but insistence on legal action by the KyberSwap team could escalate the situation further.

As negotiations continue, the cryptocurrency community watches with bated breath, hoping for a solution that will see the stolen funds returned to their rightful owners. However, as both sides continue to stand their ground, the outcome remains uncertain.

The post Hacker Responded: Be Civil! appeared first on Coin Engineer.