Two Suspects Behind 14M Holograph Crypto Heist Arrested In Italy
Read also: a Russian ransomware actor was extradited to the US, Germany cracks down on illegal crypto ATMs, and more.
Thursday, August 22, 2024
Italian police arrest two in a $14.4M crypto heist, suspects to be extradited to France
Italian authorities have detained two suspects believed to have stolen $14.4 million from the blockchain platform Holograph after a two-month investigation involving multiple international law enforcement agencies.
The suspects, who were apprehended in Italy, are accused of exploiting a vulnerability in Holograph's operator contract to mint one billion of the platform’s native HLG tokens. The tokens, valued at approximately €13 million (nearly $15 million) at the time, were fraudulently created and then laundered.
Following their arrest, the suspects are expected to be extradited to France in the coming weeks, where they will face charges related to the hacking incident. Law enforcement agencies also seized a range of assets and electronic devices from the suspects.
While the identities of the suspects have not been disclosed to protect the integrity of the case, Holograph’s internal probe determined that “a disgruntled former contractor” was behind the hack.
Georgia extradited a Russian ransomware actor to the US
A member of a Russian cybercrime group has been extradited to the US to face multiple charges. Deniss Zolotarjovs, 33, from Moscow, Russia, was indicted by a federal grand jury, facing charges of conspiracy to commit money laundering, wire fraud, and Hobbs Act extortion.
He was apprehended by law enforcement in Georgia in December 2023 and has been in custody since. Earlier this month, Georgia extradited Zolotarjovs to the United States.
The US Department of Justice has not named the criminal organization Zolotarjovs is allegedly affiliated with, but has described it as a notorious cybercrime gang that attacked computer systems across the world to steal data and demanded ransom from victims for not releasing the stolen information to the public. The group operates a leak website where they list victim organizations and offer stolen data for download.
Zolotarjovs is alleged to have been an active participant in the criminal enterprise, communicating with other members, laundering cryptocurrency obtained from victims, and engaging in extortion. He is the first alleged member of the group to be arrested and extradited to the United States.
Cybersecurity Compliance
Prevent data breaches and meet regulatory requirements
A former employee charged with hacking and extortion against employer
US authorities have charged a New Jersey man with hacking into his employer's network and launching a sophisticated extortion scheme. The accused, Daniel Rhyne, allegedly exploited his role as a core infrastructure engineer to carry out the cyberattack.
According to court documents, Rhyne used his knowledge of his employer’s IT systems to create a hidden virtual machine (VM) on the company's network. The system was then utilized to run automated scripts designed to sabotage the company’s digital infrastructure. The scripts allegedly altered employee account passwords, deleted critical backups, and eventually shut down the company's servers, causing operational disruptions.
Once the attack was underway, Rhyne reportedly sent a ransom demand via a newly created email account, insisting that the company pay $750,000 in Bitcoin within a week to regain access to their network and avoid further data destruction.
The US Federal Bureau of Investigation (FBI) launched an investigation into the scheme and was able to trace the hidden VM machine to one of Rhyne’s personal laptops, eventually leading to Rhyne’s arrest.
A hacker who breached the Hawaii state registry to fake his death gets 81 months in prison
Jesse Kipf, hailing from Kentucky, the US, has been given an 81-month prison sentence for computer fraud and aggravated identity theft.
In January 2023, Kipf hacked the Hawaii Death Registry System using the stolen credentials of a physician from another state. He then created a fraudulent death record for himself, even going so far as to complete and certify a State of Hawaii Death Certificate Worksheet using the doctor’s digital signature. As a result, he was listed as deceased in numerous government databases.
Kipf admitted that his actions were part of a scheme to avoid paying child support. He also hacked into the death registry systems of other states, private business networks, and governmental and corporate systems, using stolen credentials from real individuals. Kipf attempted to sell access to the compromised networks on the Dark Web.
The financial damage caused by Kipf’s actions, including the costs of restoring the affected systems and his unpaid child support obligations, amounted to over $195,000. Kipf will be required to serve 85% of his prison sentence, meaning he will spend nearly 70 months behind bars. After his release, he will be under the supervision of the US Probation Office for three years.
Germany seizes illegally operated cryptocurrency ATMs in a major crackdown
Germany's Federal Financial Supervisory Authority, BaFin, has seized 13 cryptocurrency ATMs and confiscated nearly €250,000 in cash. The operation, carried out in coordination with the Federal Criminal Police Office (BKA), the Deutsche Bundesbank, and local law enforcement, targeted unauthorized machines that were allegedly being used to facilitate money laundering.
According to BaFin, the seized ATMs were operating without the necessary permissions and posed significant risks for money laundering and other financial crimes.
According to BaFin, operators of cryptocurrency ATMs must adhere to a number of requirements, including the “know your customer” (KYC) procedures. The regulations mandate that anyone accepting cash transactions exceeding €10,000 must verify the customer's identity to prevent money laundering.
The operation, which spanned 35 locations across Germany, involved around 60 officers who worked together to locate and seize the illegally operated machines. According to the regulator, those found guilty of operating the unlicensed ATMs could face up to five years in prison.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law. 
