The SRA revealed that the scammers falsely claim to have personal data and threaten to release damaging videos. The emails use the address ”joyti.henchie@attwaters.co” and the name ”Patrice Joyce.” Meanwhile, the Compound Finance website is compromised, and is redirecting users to a phishing site, while the Cambodian marketplace Huione Guarantee has been linked to major crypto scams. CoinStats hack wallets were seen moving close to $1 million in ETH, but Railgun successfully blocked Inferno Drainer’s attempt to launder stolen crypto.
New Bitcoin Scam Resurfaces
The Solicitors Regulation Authority (SRA) in the United Kingdom has issued a warning about a new scam involving emails from fake lawyers demanding Bitcoin (BTC) payments. According to an update on its website, an email from the address “joyti.henchie@attwaters.co” claims to have copied all of the recipient’s personal data and threatens to release damaging videos unless a Bitcoin payment is made.
The scam email includes a link to a Bitcoin wallet, which may also contain malware. It falsely uses the name “Patrice Joyce” and claims to be associated with the legitimate firms Attwaters Solicitors and Attwaters Jameson Hill Solicitors.
However, the SRA confirmed that it does not authorize or regulate a lawyer named Patrice Joyce. According to the SRA, any business or transaction through the email domain “@attwaters.co” is not associated with the genuine firms or people it regulates. The genuine firm’s email domains end in “@attwaters.co.uk” or “@attwatersjamesonhill.co.uk.”
Manjot Kaur Henchie, known as Joyti, is the bearer of the name used in the email address, and is a genuine solicitor working at the legitimate firm Attwaters Jameson Hill Solicitors. Both the firm and Henchie have confirmed they have no connection to the scam email at all.
The alert by the UK regulator is another case that proves just how important it is to be vigilant against email scams and making sure any demands for payment, particularly in cryptocurrencies like BTC, are thoroughly investigated before any action is taken.
A very similar email extortion scam emerged in 2019, and it targeted website owners using Google’s AdSense program. Scammers demanded Bitcoin in exchange for supposedly protecting against an attack that would allegedly result in AdSense account suspension. In 2020, New Zealand law enforcement warned people about a crypto scam where fraudsters blackmail victims by claiming to possess information about their online pornographic activities. The scammers then demand a Bitcoin ransom and threaten to expose the victims’ alleged porn use if they don’t pay up.
Users Urged to Avoid Compound Finance Site
Crypto security investigator ZachXBT has issued a warning to users to avoid the Compound Finance website because it appears to have been compromised. On July 11, ZachXBT advised the community on Telegram to stay away from the site, as it redirects to a newly registered phishing site.
A member of the Compound Finance team confirmed the breach and urged users not to interact with the website to avoid the potential loss of personal data and funds. Michael Lewellen, security adviser at the Compound Finance DAO, also alerted users that the URL has been compromised and is now hosting a phishing site. Despite this breach, Lewellen assured users that the protocol and smart contract funds are still secure.
This is not Compound Finance’s first security issue as it suffered a breach in 2023 as well. The DeFi protocol’s official X account was hacked, and attackers used it to promote a phishing website.
The compromised account advertised free crypto tokens and directed users to a fake site. Luckily, the incident was quickly flagged as a scam by cybersecurity blogger Officer’s Notes and blockchain security platform Scam Sniffer. Compound Labs managed to recover the account within four hours and removed the spam messages.
Phishing attacks have become a big problem in the crypto space. On July 3, CertiK reported that crypto security incidents resulted in $1.19 billion in losses in the first half of 2024, with almost $498 million attributed to phishing attacks alone.
Cambodian Marketplace Linked to Major Crypto Scams
Huione Guarantee, an online marketplace that is operated by the Cambodian conglomerate Huione Group, has been implicated in facilitating online scams across Southeast Asia. According to a recent Elliptic Research report, the platform was involved in transactions of more than $11 billion, and a large portion of this is linked to money laundering and cyber scams.
Tom Robinson, co-founder and chief scientist at Elliptic, explained that the transparency of the blockchain allowed them to quantify these crypto transactions, making it possible for them to track trans and block transactions in ways not possible with other payment methods.
Huione Guarantee operates mainly in Chinese and uses thousands of instant messaging app channels, and each is managed by separate merchants. These merchants provide services essential to cyber scams, including selling personal data, money laundering, and developing software and websites for scams.
Ads on Huione Guarantee for electric shock shackles and electric batons (Source: Elliptic)
Shockingly, the platform also offers tools and equipment for imprisoning and torturing workers in scam compounds. While the platform uses bank transfers and payment apps, it mainly relies on Tether (USDT), which is easier to track than traditional fiat currency. Elliptic’s investigation led to hundreds of crypto addresses being labeled as associated with Huione Guarantee and its merchants.
Robinson pointed out that businesses can use blockchain analytics to avoid transacting and interacting with entities like Huione Guarantee. The now labeled addresses in Elliptic’s tools enable transaction and wallet screening to prevent further laundering of illicit funds.
Elliptic’s 2024 report also revealed the growing use of artificial intelligence in illicit activities, including state-sponsored cyberattacks and deepfake scams. Schemes involving deepfake videos of well known people like Elon Musk and former Singaporean Prime Minister Lee Hsien Loong are increasing. Discussions on dark web forums also reveal that criminals are using AI to reverse-engineer crypto wallet seed phrases and bypass authentication systems.
CoinStats Hack Wallets Moving ETH
Meanwhile, wallets linked to the CoinStats exploiter were seen moving almost $1 million in Ether (ETH) into the crypto mixing protocol Tornado Cash. Blockchain security firm CertiK reported that two wallets associated with the June CoinStats exploit transferred 311 ETH, which is valued at $959,000, to Tornado Cash. One wallet moved 211 Ether, while the other sent 100 ETH to the crypto mixer.
The CoinStats security breach happened on June 22, and affected 1,590 crypto wallets. In response to the breach, CoinStats suspended user activity and isolated the security incident.
The company announced that none of the connected wallets and exchanges were impacted and advised the affected users to move their funds using their exported private keys. By June 30, CoinStats was working on its transaction database and migrating to a different platform to improve its efficiency and reliability. It also implemented system upgrades and audits. Functionality on the CoinStats platform was fully restored by July 3.
On June 26, CoinStats CEO Narek Gevorgyan revealed that the hack involved their AWS infrastructure, and evidence pointed to a socially engineered attack where an employee was tricked into downloading malicious software. Community members reported millions in losses, and one wallet allegedly lost almost $9 million in MKR.
Railgun Blocks Inferno Drainer’s Laundering Attempt
Luckily, not all crypto criminals are this lucky when it comes to laundering their stolen funds. Crypto privacy protocol Railgun’s built-in tool to filter out bad actors successfully thwarted Inferno Drainer’s recent attempt to launder stolen crypto.
On July 10, MistTrack reported that an attempt to launder more than 174 ETH was blocked by Railgun, forcing the stolen ETH back to Inferno’s original wallet address. Alan Scott Jr, a Railgun contributor, explained that the Ethereum-based privacy protocol rejected Inferno’s malicious attempt through its automated Private Proofs of Innocence (Private POI) system. The system makes sure that tokens can only return to the attacker’s address if deemed unwelcome in Railgun.
Railgun was launched in January of 2021, and uses zero-knowledge (ZK) cryptography to protect wallet balances, transaction history, and transaction details. The Private POI system was introduced in January 2023, and uses cryptographic assurance to prevent tokens from known undesirable transactions or actors from entering the Railgun smart contract.
Users have to create a ZK-proof that their funds are not part of a pre-set list of transactions and wallets. Scott stated that the Private POI system detects and blocks transactions linked to nefarious actors, leaving the sender with no option but to withdraw the tokens back to the original address.
Inferno Drainer has stolen over $180 million in crypto from more than 189,000 victims since its inception in August of 2023, according to Dune Analytics. Interestingly, in April, Railgun denied allegations that the North Korean hacking consortium Lazarus Group used the protocol. Despite being labeled a ”prime alternative to Tornado Cash” by Elliptic, Ethereum co-founder Vitalik Buterin defended Railgun.
