Shakeeb Ahmed, a former security engineer previously employed at Amazon, has been handed a three-year prison sentence for orchestrating the hacks of two decentralized cryptocurrency exchanges, resulting in the theft of over $12 million in crypto assets.

Court documents reveal that Ahmed exploited vulnerabilities within blockchain smart contracts to manipulate pricing data. His targets were Cream Finance and Nirvana Finance, from which he siphoned off $9 million and $3.6 million, respectively.

Ahmed attempted to disguise his illicit activities as legitimate vulnerability research. He even tried to negotiate the return of the stolen funds in exchange for substantial “bug bounties.” However, negotiations failed, leading Nirvana Finance to shut down operations. Ahmed used sophisticated laundering techniques such as token-swap transactions, fraudulent bridging across various blockchains, and the conversion of funds into the hard-to-trace Monero cryptocurrency to conceal the source and ownership of the stolen assets.

In addition to the three-year imprisonment, Ahmed has been sentenced to three years of supervised release. He is also ordered to forfeit around $12.3 million, along with a significant chunk of cryptocurrency. He has also been directed to pay over $5 million in restitution to both Cream Finance and Nirvana Finance.

ImmuniWeb can help prevent data breaches and meet regulatory requirements.
Request your free demo now and talk to our experts.

An international operation dismantles a massive phishing platform

In a coordinated effort spanning 19 countries, law enforcement agencies have dismantled one of the world's largest phishing-as-a-service platforms, known as LabHost. The year-long operation, led by Europol, has resulted in the takedown of LabHost's infrastructure.

As part of the operation, the authorities executed searches at 70 addresses globally, leading to the arrest of 37 suspects worldwide, including the developer behind the service, who has been apprehended in the United Kingdom. The investigation uncovered 40,000 phishing domains associated with LabHost, catering to approximately 10,000 users worldwide.

LabHost offered a number of services for a monthly subscription fee averaging $249 per month, including phishing kits, infrastructure for hosting fake web pages, interactive tools for engaging with victims, and comprehensive campaign management services.

The platform also provided a tool called ‘LabRat’ that allowed cybercriminals to monitor and control phishing attacks in real-time and steal sensitive information such as two-factor authentication codes and credentials.

A California man indicted for allegedly developing and selling Firebird RAT

The US authorities apprehended and charged Edmond Chakhmakhchyan, a 24-year-old from Van Nuys, California, for his alleged involvement in the creation and distribution of malware. The accused, who operated under the online alias “Corruption,” is said to have developed the Firebird remote access trojan (RAT) in 2020, later rebranding it as Hive RAT and selling it on various hacking forums.

Chakhmakhchyan would promote the malware on online platforms, facilitate Bitcoin transactions for its licenses, and provide customer support to buyers. The malware provided unauthorized access to computers, allowing its operators to manipulate files, record keystrokes, intercept communications, and pilfer sensitive information such as passwords and financial credentials.

Chakhmakhchyan now faces a slew of charges, including conspiracy to intentionally cause damage to a protected computer, intentionally access a computer to obtain information, and advertising a device as an interception device, each carrying a maximum penalty of five years in prison.

Additionally, Australian police arrested another suspect allegedly involved in the development and sale of the Firebird malware on underground forums. He was charged with twelve counts of computer offenses, each of which carries the maximum sentence of three years in prison. The man is scheduled to appear in court on 7 May, 2024.

A cryptojacker charged with defrauding cloud service providers of $3.5M

The US authorities have accused Charles O. Parks III, aka “CP3O,” of orchestrating an illegal “cryptojacking” operation that defrauded two cloud service providers of over $3.5 million in computing resources to mine cryptocurrency valued at nearly $1 million.

As part of the scheme that spanned from January 2021 to August 2021, Parks used false identities and associated email addresses to set up fraudulent accounts. Through these accounts, he used computing power and storage resources (without making any payments) to mine cryptocurrencies such as Ether (ETH), Litecoin (LTC), and Monero (XMR).

Parks allegedly manipulated the cloud providers into granting him elevated privileges and benefits. It is alleged that Parks laundered the proceeds of his illicit crypto mining through various channels, including cryptocurrency exchanges, non-fungible token (NFT) marketplaces, online payment providers, and traditional bank accounts.

The alleged cryptojacker was charged with wire fraud, money laundering, and engaging in unlawful monetary transactions. If convicted, he could potentially face over 20 years' imprisonment.

An FSB agent sentensed to 9 years for taking bribes from hackers

A former officer of the Russian Federal Security Service (FSB), Grigory Tsaregorodtsev, has been sentenced to nine years in a maximum-security penal colony for taking a bribe from a hacker group.

According to local media, Tsaregorodtsev facilitated the release of members of the Infraud cybercrime group and the dismissal of their criminal case in exchange for a bribe of 160 million rubles (~$1.7 million). The court imposed a fine double the amount of the bribe, and the Russian state will confiscate Tsaregorodtsev's property, including gold bars, real estate, and luxury vehicles.

Tsaregorodtsev, however, claims he committed mere fraud and intends to appeal the verdict. Tsaregorodtsev said it was part of a scheme to deceive entrepreneurs Alexander Kovalev and Vladislav Gilev, who were previously implicated in unlawful financial transactions.

Kovalev and Gilev, along with their associates, were apprehended in 2022 for their involvement in the illicit circulation of payment funds. Investigations revealed that they, along with five other suspects allegedly affiliated with a hacking syndicate, were selling US residents' bank card data, enabling unauthorized purchases without the owners' knowledge. Tsaregorodtsev was arrested in April 2022 following the testimony given by Kovalev and Gilev, and other witnesses, supported by evidence seized from computers and smartphones.

United States of America Russian Federation United Kingdom

What’s next:

Join our upcoming webinars
Follow ImmuniWeb on Twitter, LinkedIn and Telegram
Explore 20 use cases how ImmuniWeb can help
Browse open positions to join our great Team
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

ImmuniWeb Cybersecurity Blog

The award-winning ImmuniWeb® AI Platform helps over 1,000 customers from over 50 countries to test, secure and protect their web and mobile applications, cloud and network infrastructure, to prevent supply chain attacks and data breaches, and to comply with regulatory requirements.

Recent Blog Posts:

Hacker Fakes His Own Death To Avoid Child Support Payments

ATM Skimming Ring Leader Sentenced To 75 Months In Prison

German Authorities Dismantle the Nemezis Market Dark Web Marketplace