Hacker Drains $20 Million in Crypto from US Government Wallets

cp6225 cash being sucked out of a large safe 970588b6 61cf 48ea 9362 52ea875cd4fb 3685d01e84 1 - Hacker Drains $20 Million in Crypto from US Government Wallets cp6225 cash being sucked out of a large safe 970588b6 61cf 48ea 9362 52ea875cd4fb 3685d01e84 1 - Hacker Drains $20 Million in Crypto from US Government Wallets

U.S. government wallets linked to seized 2016 Bitfinex hack funds were compromised.

It is estimated  that about $20 million was stolen from the government’s wallets. Meanwhile, Singapore’s BingX crypto exchange announced a new security initiative, ”ShieldX,”  which is being launched after a $52 million hot wallet breach in September. Radiant Capital was hit with a $50 million malware attack that targeted its developers earlier this month, and the exploiter recently transferred the funds to Ethereum.

US Government Wallets Compromised

On Oct. 24, a wallet that is believed to be controlled by the United States government was compromised. This compromise resulted in the loss of $20 million. The funds in question are linked to assets that were seized from the infamous 2016 Bitfinex hack. 

According to the blockchain analytics form Arkham Intelligence, the hacker transferred the funds to a wallet starting with ”0x348,” which contained various digital assets, including USD Coin (USDC), Tether (USDT), aUSDC, and Ethereum (ETH). The attacker also reportedly started converting the stablecoins into ETH and is using addresses likely tied to a money-laundering service to try and hide the origins of the funds.

The seized assets originally stemmed from the 2016 Bitfinex hack, During the hack, Ilya Lichtenstein stole close to 120,000 Bitcoin. The stolen assets are valued at around $8.2 billion at today’s market prices, and it was one of the largest losses in the history of cryptocurrency hacks. 

Lichtenstein and his wife, Heather Morgan, were arrested by U.S. authorities in 2022, and the stolen funds became part of the largest digital asset seizure that was executed by the Department of Justice. In a plea deal in July of 2023, both Lichtenstein and Morgan pleaded guilty to charges of money laundering and conspiracy to defraud the government. While Lichtenstein initially admitted to only laundering the funds, he later confessed to being the hacker behind the breach.

Heather Morgan and Ilya Lichtenstein (Slource: CNBC)

In court filings that were submitted earlier this month, prosecutors recommended a reduced sentence for both because of their cooperation with law enforcement as well as their lack of prior criminal history. Morgan was described as a ”lower level” participant and did not spend much of the stolen assets. She now faces 18 months in prison. A five-year sentence was suggested for Lichtenstein, yet it was still a big reduction from the original 20-year term initially that was pursued.

The Bitfinex hack is still one of the most well known and largest incidents in the history of crypto. Unfortunately, crypto hacks have become a recurring issue, and Rekt estimates that close to $81 billion worth of tokens have been lost due to exploits since 2011.

Cumulative lost and recovered crypto (Source: Rekt)

BingX Launches ShieldX After Hack

Despite the fact that hacks are a growing threat to the crypto space, there are some companies that are making it a priority to fight these incidents in the future. Singapore-based crypto exchange BingX announced a new initiative called ”ShieldX” after its hot wallet exploit in September that resulted in the theft of $52 million. In an Oct. 24 statement, the exchange revealed that ShieldX includes an upgraded wallet firewall to against threat actors and to secure users’ assets. 

To boost its defenses even more, BingX has also partnered with security firms to establish continuous monitoring and threat detection measures. According to Vivien Lin, the exchange’s chief product officer, the launch of ShieldX is a step forward when it comes to strengthening the platform’s security a bit more proactively.

The security breach happened on Sept. 20 when hackers targeted BingX’s hot wallets and stole approximately $52 million across a number of blockchains, including Ethereum, BNB Chain, Base, and Optimism. In response, BingX stopped withdrawals for several assets like Tether, USD Coin, Bitcoin, and ETH. Ehe exchange was able to restore its regular operations after the incident.  

While Lin initially downplayed the incident as a ”minor” breach and assured users that all of the affected funds would be fully covered by the exchange’s own capital, the extent of the stolen amount proved to be quite substantial.

To make things worse, BingX previously faced controversy over compliance issues. In April, Telegram administrators for the exchange admitted that the platform allowed Iranian users to bypass sanctions. The exchange at that time even featured an Iranian version of its website, and officials communicated in Persian in the official Telegram group. 

FBingX was founded in 2018, and grew to facilitate more than $300 million in daily trading volume, which allowed it to rank among the top 20 cryptocurrency exchanges worldwide, according to CoinMarketCap data.

Radiant Hacker Moves Stoken Crypto

The hacker behind the recent Radiant Capital exploit transferred almost all of the stolen funds from layer-2 networks to Ethereum. This was likely done in an attempt to hide the stolen assets’ trail. On Oct. 24, blockchain security firm PeckShield reported that the exploiter moved about 20,500 ETH, which is worth close to $52 million, from Arbitrum and Binance BNB Chain to the Ethereum network. 

This activity happened after the Oct. 16 exploit where the DeFi protocol Radiant Capital suffered a breach of more than $50 million. In response, the platform paused its lending markets and advised users to revoke approvals to affected smart contracts to protect their funds.

A post-mortem was released by Radiant Capital on Oct. 18, and it revealed that the incident wasn’t a typical smart contract exploit. Instead, it involved a sophisticated malware attack that compromised the devices of at least three core developers. This gave the attackers control over the platform’s multisignature wallet. 

Radiant Capital is a cross-chain DeFi lending platform that allows users to earn interest and borrow assets across networks like Ethereum, BNB Chain, and Arbitrum. Since the hack, the platform’s total value locked has plummeted by 66%, and it now stands at around $24 million, according to data from DefiLlama.

Radiant Capital’s TVL (Source: DefiLlama)

This incident is not the first time Radiant Capital  faced a security breach. In January, the platform suspended its lending markets after a $4.5 million flash loan exploit. Flash loan attacks are a popular type of DeFi exploit where a cybercriminal takes out an uncollateralized loan and uses it to manipulate the market in their favor.

It very often involves multiple protocols and it takes place within seconds. These attacks have become the most common in the DeFi space because of their low cost and ease of execution. Since DeFi’s rise in 2020, flash loan attacks have been in the headlines a concerning amount of times, and they still continue to grow and change.

Hackers also frequently use Ethereum as a means to launder stolen funds by using mixers like Tornado Cash to conceal their tracks. This strategy has been used in a number of crypto-related exploits this year already, including incidents involving WazirX, CoinStats, Orbit Chain, Pancake Bunny, Unizen, and Penpie. 

PeckShield previously pointed out that by converting assets to ETH quickly, it can help hackers secure their gains before authorities or token issuers can intervene. In September alone, crypto hacks collectively resulted in losses of over $120 million.

This article was originally Posted on Coinpaper.com