Case 1
Introduction:
A client was deceived in a cryptocurrency-to-fiat exchange transaction (received high-quality counterfeit cash and discovered it only at the bank), and the funds were sent in USDT tokens to a cold wallet address. Most of the funds continued to be held in the cold wallet address, and a small portion was sent to exchanges.
Analysis and actions taken:
Considering that the majority of the assets were held in a cold wallet address and there was no technical ability to seize the funds without private keys from the address, the following directions of work were deemed promising:
- Initiation of a criminal case in the corresponding jurisdiction
- Analysis of cryptocurrency asset movements and establishing relations with exchanges
- Preparation of a special investigation to be provided to law enforcement agencies
- Communication with USDT token issuer, Tether LTD
After marking the stolen assets in blockchain analyzers and initiating a criminal case, a request was made to Tether LTD to freeze the funds at the corresponding address for subsequent reissuance of the same amount of USDT tokens to the client's new address. Requests were also made to cryptocurrency exchanges to freeze accounts associated with these transactions.
Result:
The tokens and associated accounts were frozen within 2 days of initiating the work, preventing the perpetrator from withdrawing the frozen assets. At present, procedural aspects of returning the funds to the client's addresses are being resolved.
Case 2
Introduction:
Through social engineering, cryptocurrency assets worth more than $100,000 were stolen from the victim.
Analysis and actions taken:
During the investigation, it was established that all stolen assets were transferred to centralized cryptocurrency exchanges, specifically Binance and Gate.
Result:
The investigation was forwarded to law enforcement agencies, and with a court order, the funds held on the centralized cryptocurrency exchanges were frozen and subsequently returned to the victim.
Case 3
Introduction:
As a result of a smart contract hack on a liquidity pool, $1.3 million worth of ETH tokens were stolen.
Analysis and actions taken:
During the investigation, it was established that the stolen ETH tokens were transferred through several intermediate addresses using swap procedures and were eventually converted into 1.3 million USDT tokens, which were then transferred to an unmarked address controlled by the attacker.
Result:
Through prompt collaboration with Tether Limited and law enforcement agencies, the attacker's address was blacklisted in the Tether smart contract. The stolen tokens were subsequently returned to the victim through a reissuance procedure.
Case 4
Introduction:
As a result of a client hack, assets worth $2.2 million in USDC were stolen.
Analysis and actions taken:
In an attempt to obscure the movement of the stolen assets, the attackers transferred the sum through several cryptocurrency addresses, splitting the main balance into two parts. One part was deposited onto the cryptocurrency exchange "Binance", while the other part was exchanged for BNB using a smart contract. The attackers then transferred the BNB tokens through several intermediate addresses to the deposit address of the cryptocurrency exchange "Binance". Based on a request from law enforcement agencies, it was discovered that the recipient account of the stolen cryptocurrency assets was registered to a "drop". The stolen assets in the BSC and ETH networks were exchanged for USDT TRC and withdrawn from the "Binance" exchange. Subsequent investigation focused on tracking the movement of the assets that were withdrawn from the exchange, as the attackers attempted to split and transfer them to different addresses in order to conceal the trail. Ultimately, the movement of the assets was traced to their deposit onto the exchange.
Result:
Thanks to our prompt actions and a timely request from law enforcement, the stolen assets were frozen on the exchange before they could be withdrawn or sold. Based on the evidence gathered during the investigation, a court order was issued, and the entire stolen sum was returned to the client.
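The kind of forward tracing described in Case 4 (a split balance, a swap into another asset, intermediate hops, exchange deposits) can be sketched as follows. This is an added example, not the investigators' tooling: the ledger, address names, labels and the "traced funds leave first" accounting convention are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample ledger: (sequence, sender, receiver, asset, amount).
# All addresses, labels and amounts are hypothetical placeholders.
TRANSFERS = [
    (0, "other", "hop4", "BNB", 50),               # unrelated funds
    (1, "hop1", "hop2", "USDC", 1_200_000),        # balance split, part 1
    (2, "hop1", "hop3", "USDC", 1_000_000),        # balance split, part 2
    (3, "hop2", "cex_dep_A", "USDC", 1_200_000),
    (4, "hop3", "swap_pool", "USDC", 1_000_000),   # swap input
    (5, "swap_pool", "hop3", "BNB", 3_000),        # swap output
    (6, "hop3", "hop4", "BNB", 3_000),
    (7, "hop4", "cex_dep_B", "BNB", 2_900),
]
LABELS = {"cex_dep_A": "exchange", "cex_dep_B": "exchange", "swap_pool": "swap"}

def trace(seed, transfers, labels):
    """Return (exchange deposits, balances still on unlabelled addresses)."""
    addr, asset, amount = seed
    held = defaultdict(lambda: defaultdict(int))      # address -> asset -> traced balance
    held[addr][asset] = amount
    deposits = defaultdict(lambda: defaultdict(int))  # exchange address -> asset -> amount
    pending_swap = {}                                 # swap contract -> trader awaiting output
    for _seq, src, dst, asset, amount in sorted(transfers):
        if labels.get(src) == "swap":
            if pending_swap.get(src) != dst:
                continue                              # pool paying some other trader
            del pending_swap[src]
            traced = amount                           # swap output inherits the trace
        else:
            traced = min(amount, held[src][asset])    # traced funds leave first
            if traced == 0:
                continue                              # sender holds nothing traced
            held[src][asset] -= traced
        kind = labels.get(dst)
        if kind == "exchange":
            deposits[dst][asset] += traced            # on-chain trail ends here
        elif kind == "swap":
            pending_swap[dst] = src
        else:
            held[dst][asset] += traced
    holders = {a: {k: v for k, v in b.items() if v} for a, b in held.items()}
    return ({a: dict(b) for a, b in deposits.items()},
            {a: b for a, b in holders.items() if b})

DEPOSITS, HOLDERS = trace(("hop1", "USDC", 2_200_000), TRANSFERS, LABELS)
```

The first result lists the deposit addresses an exchange freeze request would name; the second lists unlabelled addresses still holding traced funds, the situation in which Cases 1 and 3 turned to the token issuer.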