Криптоиндустрия на грани: отмывание денег и утечки данных угрожают безопасности Headline: Crypto Industry on the Edge: Money Laundering and Data Leaks Threaten Security

We have compiled the week’s most significant news from the realm of cybersecurity.

The International Consortium of Investigative Journalists (ICIJ) has released a report titled «The Coin Laundry,» shedding light on money laundering schemes utilized by criminal syndicates through major centralized exchanges (CEX).

According to ICIJ, cryptocurrency exchanges continue to facilitate transactions linked to criminal activity, despite regulatory scrutiny. The report specifically mentions the Huione Group, an organization involved in human trafficking and scams across Asia. Journalists claim that Binance received no less than $408 million from this group.

OKX admitted in February 2025 to violating U.S. law and has continued to «receive hundreds of millions of dollars» from the same sources as Binance. The study indicated that over $161 million fell into their accounts even after the U.S. Treasury Department designated Huione as a «primary money laundering risk.»

With the cooperation of 37 media partners from 35 countries, ICIJ gathered hundreds of cryptocurrency addresses linked to North Korean hackers, Russian money laundering schemes, and Chinese drug networks. Analyzing tens of thousands of transactions revealed that criminal groups actively utilized accounts on Binance, Coinbase, OKX, HTX, KuCoin, and other cryptocurrency exchanges.

«The crypto industry has effectively established a parallel shadow financial system where exchanges continue to profit from questionable transactions while crime victims have little chance of recovering their losses,» concluded the investigation’s authors.

A 45-year-old resident of California has pleaded guilty to laundering at least $25 million stolen through a fraudulent scheme, as reported by the U.S. Department of Justice.

According to the agency, Kunal Mehta was part of a group that operated from October 2023 to March 2025. Notably, on August 18, 2024, the perpetrators stole over 4,100 BTC (more than $230 million at the time) from a victim in Washington. Most of the funds were converted into Monero, but mistakes were made, allowing the transactions to be traced back to the stolen assets.

The Justice Department stated that in 2024, Mehta created several shell companies to legitimize the stolen funds, receiving partially «clean» cryptocurrency, which he sent to partners who executed more complex schemes. The money would then return to accounts associated with legitimate firms linked to the Californian.

Researchers from SBA Research uncovered a serious privacy issue in WhatsApp. They were able to collect data from 3.5 billion user accounts due to a lack of restrictions on request frequency, as reported by Wired.

The data scraping was conducted through the web version of the messaging app at a rate of up to 100 million numbers per hour. Ultimately, they managed to obtain photos for 57% of profiles and text from the «About Me» section for 29%.

The publication noted that researchers reported the issue to Meta in April and deleted the gathered data, although the company only fixed the flaw by October.

According to media speculation, prior to this, criminals might have gained similar access. Meta representatives told Wired that there was no evidence of abuse, claiming that only «public data» was exposed.

Country-specific statistics indicated a high proportion of profiles containing open information:

The report also highlighted that WhatsApp is banned in China, Myanmar, North Korea, and several other countries. Nonetheless, experts discovered millions of active accounts linked to numbers from these regions.

Some cryptographic keys were repeated hundreds of times, and for 20 American numbers, researchers found a cipher composed entirely of zeros. Experts suggested that the cause could be the use of unofficial or modified WhatsApp clients rather than the service itself having an error.

Detailed examination of accounts with identical keys revealed that many appeared to be fraudulent. Researchers concluded that the main issue lies in the identification model – phone numbers are not suitable for this role.

According to a Meta announcement, WhatsApp developers are already testing a user name system as a more private alternative.

Myanmar’s military has expanded a large-scale operation against crypto scam camps, dismantling a second major hub in Shwe Kokko city, as reported by Nikkei Asia.

Media sources indicated that on October 25, law enforcement targeted KK Park. During the raid, authorities arrested 346 foreign nationals and confiscated around 10,000 mobile phones used in fraudulent schemes.

On November 17, Google warned of a dangerous vulnerability in the widely-used Chrome browser.

Experts indicated that the issue lies in the improper handling of a specific data type within the JavaScript engine V8, leading to memory corruption. An attacker could exploit this flaw via a web page to execute malicious code.

The corporation also announced that criminals have already attempted to exploit the vulnerability. Google representatives advised users to check their browsers for updates as soon as possible.

Problems at Cloudflare, which led to significant disruptions for clients on November 18, were not the result of a cyberattack, as stated by representatives of the service.

Initially, the infrastructure giant reported a «surge of unusual traffic,» which could have indicated a hack. However, Cloudflare’s Chief Technology Officer, Dan Knecht, later dismissed this theory.

An internal investigation found that an error occurred in the bot mitigation service after routine configuration changes, affecting all other systems.

Cloudflare services approximately 19% of all active websites, as well as internet resources for 35% of Fortune 500 companies. The incident’s repercussions impacted millions of users.