Cryptocurrency Kidnapping, Phishing Scams, and Major Cybersecurity Incidents: Weekly Roundup

Here are the latest significant developments in the cybersecurity landscape over the past week.

Moroccan police apprehended 24-year-old Badis Mohamed Bajju, who is suspected of orchestrating a series of kidnappings involving cryptocurrency millionaires and their families in France. This was reported by Le Figaro.

Bajju is the subject of an Interpol Red Notice. Authorities from several countries accuse him of kidnapping, unlawful detention, violence, extortion, and money laundering as part of an organized group.

He is alleged to be linked to the kidnapping of Ledger co-founder David Balland and his wife, the kidnapping of the father of a manager at a Maltese marketing firm, and the attempted abduction of the pregnant daughter of cryptocurrency entrepreneur Pierre Noizat.

According to police reports, all attacks were coordinated and financed by Bajju from Morocco, with the involvement of an accomplice who has not yet been identified by authorities. Investigators believe that the suspects recruited teenagers online to carry out the crimes in France.

Cybercriminals are spreading phishing links disguised as giveaways of NFTs on the Hedera Hashgraph network. The FBI issued a warning about this.

Victims receive tokens, but the accompanying transaction memo encourages them to visit a website to claim additional rewards. On the site, individuals are prompted to enter their wallet data and other sensitive information, allowing the attackers access to their assets.

Such malicious links are also disseminated through email, social media ads, and fake websites.

The data breach at the cryptocurrency exchange Coinbase that occurred in January has been linked to the bribery of employees at the international outsourcing firm TaskUs, a contractor that provided customer support and moderation services for the trading platform, as reported by Reuters.

An employee on TaskUs's Indian team was caught trying to photograph her work computer screen with her phone. She and at least one accomplice had been supplying attackers with users' names, blockchain addresses, and email information in exchange for payment. Passwords, private keys, and funds were not affected.

The exchange has since "terminated its relationship with the involved personnel" and strengthened its security controls. TaskUs, for its part, dismissed more than 300 employees from its Indian division.

Cyber police in Zaporizhia identified a 35-year-old local man responsible for causing significant losses through illicit cryptocurrency mining on the servers of an international hosting company.

According to the investigation, the Ukrainian hacked into over 5,000 organizational accounts and launched virtual machines using the company’s resources. His actions led to approximately $4.5 million in damages.

During the raid, police seized computer equipment, mobile phones, and bank cards. On the devices, they found cryptocurrency wallets, mining software, information-gathering tools, and remote control applications.

A case has been initiated regarding unauthorized interference with information systems, and the suspect faces up to 15 years in prison. The investigation is ongoing.

According to Izvestia, 35-year-old Dmitry Pavlov, the administrator of the dark web marketplace Hydra, has cooperated with authorities and received a six-year prison sentence. He was found guilty of participating in a criminal organization and assisting in the illegal trafficking of large quantities of narcotics.

Under his plea deal, Pavlov gave detailed testimony about how the online "narco-cartel" operated, how it was established, and who led it. He testified as a prosecution witness in late May at the Dzerzhinsky District Court in Yaroslavl.

Separate proceedings have been initiated against Boris Gubko, a freelance programmer associated with the head of Hydra.

A third suspect was detained in April 2024; their name has not been disclosed, but law enforcement sources indicated that this individual held a higher position in the organization than Pavlov.

The U.S. Attorney's Office shut down BidenCash, a major carding website, seizing 145 domains along with cryptocurrency assets.

Since its inception in 2022, the illicit marketplace has served over 117,000 clients, facilitating the trade of more than 15 million payment card numbers and personal data. Its total criminal earnings are estimated at around $17 million.

The Central Bank of Russia has alerted financial institutions about a new shadow business scheme involving cryptocurrency exchanges, online casinos, financial pyramids, and drug traffickers, as reported by Vedomosti.

Payments flow from drop accounts held by individuals to corporate accounts registered to so-called technical companies, legal entities with no real business operations.

The regulator has outlined criteria for identifying suspicious transactions:

Banks are advised to scrutinize such transfers and, if necessary, restrict transactions for clients linked to drops or technical companies.

Meta and Yandex used their Meta Pixel and Yandex.Metrica trackers, embedded on websites, to deanonymize users by linking temporary web identifiers to persistent IDs inside their Android mobile applications. This was pointed out by a group of security researchers.

Although Android is designed to isolate browsers from applications, the technique lets the tracking script running in the browser send an identifier to a local port on the device; the company's native app, listening on that port, reads the identifier and forwards it to the company's server. Data can be collected this way even in incognito mode.

Approximately 5.8 million websites with the Meta script installed and 3 million with the Yandex script are potentially affected.

Both companies have temporarily suspended the use of this technology.

We’ll now review the Pro version of the Tonkeeper wallet and see how it helps protect funds.