
Hey CryptoBro!: How Are Criminals Laundering, Monetizing, and Targeting Cryptocurrency, NFTs, and Smart Contracts?

BSidesPGH 2023 · 44:56 · 48 views · Published 2023-08 · Watch on YouTube ↗
About this talk
Threat intelligence analyst Sam Colaizzi examines how criminals exploit cryptocurrency, NFTs, and smart contracts to launder and monetize illicit profits. The talk covers money-laundering methods including mixers, OTC exchanges, and high-risk platforms; monetization tactics such as virtual credit cards and account cash-out services; and attack vectors including cross-chain bridge exploits, wallet drainers, flash-loan attacks, and rugpulls. Colaizzi analyzes notable incidents from 2022–2023 and discusses how threat actors are likely to evolve their techniques.
Original YouTube description

BSidesPGH 2023

Hey CryptoBro!: How Are Criminals Laundering, Monetizing, and Targeting Cryptocurrency, NFTs, and Smart Contracts?

Since Bitcoin (BTC) was introduced in January 2009, a large majority of threat actors have transitioned to transacting exclusively in cryptocurrency. Some of the driving forces behind this transition to cryptocurrency have been its relatively deregulated nature, all-digital footprint, and higher levels of anonymity. When combined, these factors lower the operational security risk to threat actors who may have previously received payment via a fiat currency or other payment methods that are traceable. For many threat actors, the main generators of this illicit stream of cryptocurrency can stem from the sale of goods (stolen payment card data, compromised login credentials, illicit narcotics, among others), services (malware-as-a-service (MaaS), coding, initial network access brokers, databases, among others), scams (phishing, romance scams, pig butchering, airdrops, among others), and ransom payments. However, threat actors face some drawbacks when they accept cryptocurrency as payment. Some of these drawbacks include the process of cleaning their illicit profits and then monetizing these illicit cryptocurrency profits. Within the world of cryptocurrency, money laundering methods and processes differ vastly from traditional methods of laundering and monetizing illicit profits. For this presentation, I will be covering some of the methods of laundering (mixers / tumblers, over-the-counter (OTC) exchanges, peer-to-peer (P2P) exchanges, and high-risk exchanges) as well as how threat actors monetize their illicit digital profits by utilizing virtual credit cards (VCCs), account cash-out services, and more. Next, I will analyze and discuss the attack vectors utilized by threat actors to target cryptocurrency, non-fungible tokens (NFTs), and smart contracts.

I will also discuss popular attack vectors, such as airdrops, cross-chain bridge attacks, rugpulls, wallet compromises, flash-loan attacks, smart contract vulnerabilities, API withdrawals, drainers, and notable incidents that highlight successful laundering and monetization activities via cryptocurrencies. Finally, I will discuss how threat actors will likely evolve and transform their laundering and monetization methods and attack vectors targeting cryptocurrency, NFTs, and smart contracts. Do you ever wonder how threat actors and other users are laundering, monetizing, and targeting cryptocurrency, NFTs, and smart contracts? Well, look no further. During the course of 2022 and 2023, using a wide range of sources, I was able to flesh out and analyze some of the most popular attack vectors, laundering methods, and monetization tactics.

Sam Colaizzi

Currently working at Recorded Future, Sam's areas of focus and interest include the cryptocurrency, NFT, and smart contract space; the Russian- and English-language cybercrime ecosystem; and threat actor engagement / research. He has previously worked as a cyber threat intelligence analyst and researcher at Aon, Kroll, Terbium Labs, and the National Cyber-Forensics and Training Alliance (NCFTA). Prior to starting his career, he attended Duquesne University and earned a B.A. in Political Science. Afterwards, he attended the University of Pittsburgh's Graduate School of International Affairs and earned an M.A. in Security and Intelligence Studies.

https://pretalx.com/bsidespgh-2023/talk/NG3R8F/
Transcript [en]

Today we are here with Sam Colaizzi. If anyone else, like myself, is tired of running a car wash or a nail salon, you're in the right room. So let's get a little excited and learn how some of these criminals are laundering, monetizing and running in this whole crazy crypto world. So, without further ado, Sam.

All right, everyone hear me all right? Good. All right, so my name is Sam Colaizzi. I am a threat intelligence analyst with Recorded Future. Within Recorded Future I am part of our Advanced Cybercrime and Engagements team, so we handle crypto quite often, whether we're dealing with various threat actors or purchasing things, so I figured this would be an awesome topic to speak on because we deal with it on a day-to-day basis. However, before we get started, one of the things I wanted to go over is a little bit of an agenda here. I know that within the crypto space there are varying levels of knowledge and understanding, so I just wanted to go over some basic definitions before we dive into things a little bit more, like the laundering and monetization methods, then go into the attacks against crypto, NFTs and smart contracts, and then we'll attempt to look a little bit into the future, because this is such an ever-changing ecosystem that it's a little hard to predict at times and a little hard to make an assessment on, but we'll attempt to do that today.

I just wanted to bring up this quote from Satoshi Nakamoto. It is the individual or group of individuals who possibly created Bitcoin; it's still up for debate whether it was one person or a group of individuals. I really like this quote because it embodies what Bitcoin was intended to be: it was intended to be decentralized and divorced from any state government or bank. It was meant to be the coin of the people, essentially.

So, moving into some of the definitions that we have here. I'm sure a lot of individuals have heard the term altcoin before. An altcoin is essentially any cryptocurrency token that is not Bitcoin. Then we have Bitcoin itself: this is the original decentralized currency. It was initially founded and distributed to the public in January of 2009, and the white paper describing it was actually released a few months prior, in October of 2008, by Satoshi, again either an individual or a group of individuals, we're still not sure.

Then we have, as I'm sure many of you have heard, a blockchain. I know the word gets thrown around quite a bit, but in the basic sense the blockchain is an unchangeable digital ledger that we use to track transactions. They're conducted in sequential blocks and they follow the various protocols for the various tokens that are out there, whether it's the Ethereum blockchain, the Bitcoin blockchain or the Monero blockchain, so again, various blockchains for various coins.

Then what we have is a cold wallet. I actually have one here; this is what we use at Recorded Future. They are little digital ledgers that look almost like a USB drive. These cold wallets are hardware wallets, and they are used to store private keys, so I cannot access any of my crypto unless I actually have this specific wallet plugged into this computer, or any other computer with the program.

Next I want to go over a little bit of what a cryptocurrency exchange is. It's essentially a digital market where you can buy, sell, trade and cash out crypto, so think of things like Binance, FTX, SMPS, Crypto.com, OKX, Bybit, things like that on that level.

Then we also move into crypto mining. Who attempted to buy a graphics card in 2020 or 2021? Crypto miners really ruined that whole scene, because they bought them all up, because you need an immense amount of graphical processing power to be able to compile the blockchain and then solve transactions. These miners are actually rewarded for solving the mathematical problems that are associated with mining, to be able to put the blockchain together, and then they actually get a small fraction of that. If you multiply that, if you have 10 mining rigs and you're doing it 24 hours a day and heating your home as well as others around you, you're going to be making quite a bit of money. I think it was in New York, actually, that they outlawed crypto mining because of how much of a drain it had on their power grid.

Then, moving into the final set of definitions, the Ethereum Request for Comments 20, ERC-20. What this is, essentially, is a basic set of guidelines that governs the Ethereum blockchain, so any coins on the Ethereum blockchain are governed by ERC-20 rule sets. When you hear "ERC-20 coin", it is again anything that is on the actual Ethereum blockchain.

Next we have fiat currency. When I first started researching crypto a few years ago I always thought, well, why is it called a fiat currency? It's not a car. A fiat currency is a currency that is legal tender by state or government decree, so the US dollar would be a fiat currency; a euro is a fiat currency.

Then we have a hot wallet. A hot wallet is the opposite of a cold wallet: it's a software wallet that is usually stored on your computer, or some type of software that you would have, so think of something like Exodus wallet; it would be a software wallet. They're a little bit more susceptible to malicious attacks because of their ability to be hosted and connected to the internet.

Then we have everyone's favorite, non-fungible tokens. As you see, my picture (not stolen, I just copied and pasted it off the internet) of various Bored Ape Yacht Club NFTs. If you are so inclined, you can go and spend hundreds of thousands of dollars, like Seth Green and numerous other individuals have done, and get a picture of a Bored Ape Yacht Club NFT. What they are, basically, is a unique set of drawings, pictures, some type of commodity that has a set value to it, that you own because it says it does on the Ethereum blockchain: you own a piece of that in the digital ledger.

Then finally, before smart contracts, we have private keys. These are essentially the keys to your house, or the keys to your kingdom. You wouldn't want anyone with your private key, because then they'd be able to get access to your wallet. So if someone found this on the ground, unfortunately you wouldn't be able to get into it because it's PIN-coded, but if you knew my PIN you would essentially be able to validate my private key with this specific USB-looking drive. Same thing with software wallets: if you need to recover, I know with Exodus, if you have to recover your wallet you need a recovery key, which is essentially your private key, to be able to recover those funds or at least gain access to that software wallet again.

Then, last but not least, are smart contracts. What they are is essentially digital contracts that facilitate a rules-based enforcement. One of the types of smart contracts that I will talk about in a little bit are flash loans. A flash loan is essentially an agreement with an individual that you will pay them back: you are borrowing money on a non-collateral basis and you promise to pay it back, and if that doesn't happen then that smart contract will obviously be outstanding and that person can go after you. So again, just a digital agreement.

All right, now we're going to get into some of the fun stuff. In terms of laundering methods for crypto, I put this before monetization because in a lot of the research that we've done we've seen that this part comes before some of the monetization and cash out.

They're kind of blocks of "choose your own adventure" for how you want to attempt to clean, launder or even monetize some of your crypto, whether you are a ransomware threat actor or just an individual selling credit card dumps. One of the top ways that we've seen threat actors and illicit users of crypto talking, advertising and promoting is, again, our Ledger and Trezor. This specific wallet is a Ledger; I actually just saw them at Best Buy like two weeks ago, so I'm kind of surprised they're getting more and more popular now. Then you have Trezor, so just a different version of what this specific little wallet is. Then you have some of the other digital wallets, like Bitcoin Core, Wasabi Wallet, Trust Wallet, Electrum, Exodus, which I had mentioned before (I do have an Exodus software wallet), Dragon era, Unstoppable, and then Feather, which is actually a Monero-only wallet, so a lot of individuals use that for that privacy-focused coin because it's one of the only privacy-focused ones for that specific token.

Then I like these cross-chain swaps, because I always thought this was funny; I've always thought this was the wish.com of mixing. This is if you wanted to go ahead and attempt to mix your coins yourself. Cross-chain swaps allow users and other individuals to swap tokens from Bitcoin to Ethereum to Monero and back to Bitcoin, so you're essentially creating anonymity through obscurity. You're going through a bunch of hoops and attempting to launder or mix your own funds by obscuring them: hey, I'm going from Bitcoin to Ethereum, back to Bitcoin, to Monero, back to Ethereum, then cashing out, because again you're obscuring more than anything.

Then we're actually going to talk about one of my favorite mixers here. Right here we have, on the right-hand side, Anonymixer. If there's any law enforcement, don't shut this one down; this is my favorite, I really enjoy using this one, it's easy. Anonymixer is only hosted on an onion service right now; they did have a clearnet domain at one point. Anonymixer is neat because, as you can see, the UI is very, very simple and the user experience is actually great, whoever designed this. You actually go in, you type in your address, you put in the information that you want, and it'll actually give you a countdown: hey, you have this much time to deposit these tokens, these are the wallets they are going to, these are the fees that are going to be charged for it, please send this exact amount, no more, no less, and we'll take care of everything else on the back end.

Another version of that is YoMix, which is okay; it's advertised on a lot of mid- and top-tier forums. Then you have Comedy Cash Out; you're going to see this again. Comedy Cash Out was hard to fit in a category because it's not only a mixer but it's also a type of peer-to-peer exchange, it's also a high-risk exchange, but it's also an over-the-counter exchange to a certain extent. Then you have Sinbad.io; there is a lot of speculation that Sinbad is possibly a reincarnation of Blender.io, which kind of brings me to my next point here. Blender.io, Tornado Cash, Fox Mixer, ChipMixer and Bitzlato are actually very popular, or were very popular, mixers, and I wanted to bring these up because these mixers were integral to a lot of the anonymization and tumbling of cryptocurrency for a lot of popular attacks. Blender.io was used to launder funds from Ronin Network; it was suspected, and I think the FBI actually came out recently with a press release formally accusing APT38, which is a North Korean APT group, of stealing roughly 600 million dollars from the Ronin Network, and they started to launder those funds through Blender.io, which is actually sanctioned by the US Treasury's Office of Foreign Assets Control, OFAC. Then Tornado Cash, similar: this was another attack by APT38, they stole about 100 million dollars' worth of crypto from the Harmony bridge and they started to launder those funds through Tornado Cash. Then you have Fox Mixer, which was seized by law enforcement. ChipMixer was a very popular mixer that was used by various ransomware groups, so I'm sure everyone has heard of or at least had to deal with ransomware; this is how they were taking some of those funds and then laundering them. Then Bitzlato was an interesting case: it's a Russian firm that deals with crypto, but also on the back end they were doing, in my mind, very Russian things, laundering funds from markets and then ransomware, while the Russian government was kind of turning a blind eye to that, and they were actually sanctioned very recently by OFAC.

Next we have the peer-to-peer exchange. I like to kick this off with, at least in my mind, if you were a threat actor this would not be the first place I would go if you were attempting to launder your crypto; I would attempt to do some cross-chain swaps first and then go to something like a peer-to-peer exchange. So with this peer-to-peer exchange: has anyone ever been on Craigslist? I'm sure all of us have. You post for sale, buy or want ads; that's essentially what we are doing

here: we are placing a for sale, want, or "hey, I'm giving this away" type deal. There's extremely limited know your customer, KYC for those that work in the financial industry, and there are also very limited anti-money laundering policies that govern this specific type of exchange. As I said, various advertisements are posted to it, and some of the more popular ones that we've seen discussed are AgoraDesk, Bisq, LocalMonero and Peach Bitcoin. I've only attempted to use AgoraDesk, and I tried to use Peach Bitcoin and had limited success with it, but I actually want to show you what AgoraDesk looks like, and I don't want to step too far away from the mic. Right there you have your seller column, so these are individuals that are actually posting for sale ads of their cryptocurrency: hey, I can't see it, you can buy my Bitcoin that I have, you can send me cash by mail, and that's the rate of the Bitcoin, the second to the left column, that I'm going to charge you for it. And then that last column, I can't see it, I apologize, but yeah, you have your seller, your payment method and then the actual price that they're charging for the Bitcoin. So again, you can see the tab all the way up in the top corner there of buy and sell, so you can buy, sell or post an ad, and this specific peer-to-peer exchange deals in both Bitcoin and Monero.

Next we're going to move on to high-risk exchanges. I mentioned this topic a little bit ago. What you have here is, again similar to peer-to-peer, little to no implementation of KYC or AML policies to govern a lot of these specific exchanges, and I also wanted to highlight here the importance of these high-risk exchanges, similar to those mixers I talked about before. OFAC actually, between September of 2021 and April of 2022, sanctioned SUEX, Chatex and Garantex, which were three large high-risk cryptocurrency exchanges that were laundering and handling funds from Ryuk, Maze, Conti and REvil. So those exchanges (I don't have bonus up there) were handling funds from those various ransomware groups. What we have here is an exchange that functions similarly to what you would do with a trusted exchange such as Crypto.com, Binance or OKX, so you're essentially going through this marketplace, creating an account, not having to submit any identity verification or anything like that, and being able to convert fiat to crypto and crypto to fiat and being able to store it there. Some of these actually have mixers, which I want to dive into a little bit now.

What we actually have here in that screenshot is a screenshot of XSS, which is the top-tier Russian forum that we deal with a lot, and this is translated via Google Translate; I just right-clicked, I don't speak Russian, I do not know how accurate the translation is. But what we have here is Audi A6 mixer, and what this mixer is, essentially, is individuals who are helping you buy and sell crypto, so you can go from cash to Bitcoin as that top option; you can also exchange cryptocurrency for QR codes which you can redeem at, I think some of the banks are listed there, Sberbank and Tinkoff, which are banks based in Eastern Europe. So I'm sure a lot of you can imagine how that can be abused, or at least how it possibly was abused, especially with all the sanctions that the US had imposed. What is neat about specifically Comedy Cash Out and Audi A6 exchanger is that both of these exchanges are pinned and have advertisements on two of the top-tier Russian forums, where a lot of initial access brokers advertise, where a lot of ransomware actors frequent, and just where a lot of those individuals hang out, talk and chat. So again, these are in places that are well seen and well known.

Then you have Infinity Exchanger and Wizard Swap; these are, again, more like the traditional Crypto.com or Binance type exchanges. They're not exactly one for one, I'm not saying that they are, but they are similar to it; it's kind of the closest thing that you would have. One thing I forgot: some of them also have mixing functions, though it's all the way down at the bottom there, so some of these high-risk exchanges will also have mixing in them. It's kind of a one-stop shop of "hey, I also want to convert my crypto, but first I need you to clean it"; they offer that service, of course they do.

Then the next is virtual credit cards. So, the monetization methods used with virtual credit cards: you don't want to go directly to a virtual credit card, at least in my experience or that of the individuals we've talked to. What you're first going to do is attempt to mix it or try to do cross-chain swaps, things like that, to be able to at least get to the point where you can start to load onto a crypto card or load onto a virtual credit card. So we've now moved from laundering to monetization and cash out of crypto. Most of the service providers that we have seen associated with virtual credit cards are Visa and Mastercard. If there's anyone that works for Visa or Mastercard,

I'm sorry, I would love to speak to you and understand how these cards are issued a little bit on the back side of it, and what fraud detection methods you have in place, especially for cards like this, because this is an actual screenshot of a card that I had loaded $25 onto. I was able to do it without creating an account; I was able to verify this card; I was able to use it. At one point I did get denied the first time when I tried to use it somewhere, for an anti-fraud measure, so again, good on the website that I actually attempted to use it on first. This is Pay With Moon, and then you also have Ezzocard, VCC Pro and waiver card, so again just a bunch of different options to get into the virtual credit card game, or the world of attempting to load funds onto them. Once you load the funds on, to a certain extent you can use these like traditional debit or credit cards; you can enter any information that you want on the payment or checkout website. Again, I did get denied once, but I was able to use it at the second e-commerce retailer that I had tried.

Then what we also have, lastly, and I'm going to use this term again, over the counter: what we have here is an over-the-counter virtual credit card exchange. Think of, in a movie, a guy in a hooded jacket who comes out: "hey man, I can get you what you need." This is essentially what these virtual credit card services are: individuals advertising on low-tier forums like Nulled and Cracked, "hey, if you send me Bitcoin or any type of illicit crypto I will throw it onto a virtual credit card and I'll give you that number." Sure you will. So again, a lot of these are scams from what we have seen, but it's still out there, it's still being advertised, and someone might fall for it that doesn't necessarily know a lot about crypto. I wouldn't consider super top-tier actors going and seeking out this type of service on Nulled or Cracked.

Coming back up right again here are over-the-counter exchanges; it's almost like I planned for it. A lot of these over-the-counter exchanges are actually handled on both Telegram and Discord. Using those peer-to-peer chat applications, they'll post an advertisement on a forum: "hey, I have an exchange, I'll exchange Bitcoin to Ethereum or Litecoin to Monero for you, all you have to do is join my Telegram channel or join my Discord channel, or hey, go ahead and message me on Telegram." I don't have my other phone with me to bring it up or mirror it, but they're kind of crudely set up: for those of you who have been on Discord, they have various rooms set up for "hey, I want to exchange Bitcoin" or "hey, I want to exchange Monero," so we see some of that type of activity. As I said, it's done through an outside broker, and then what you actually have, in some cases, is a fiat cash, or fiat to crypto, transfer service, and what you're doing is you're essentially paying a fee. So say you want ten thousand dollars in crypto; you may have to pay twenty thousand dollars or fifteen thousand dollars in a fiat currency to even get $10,000 in Bitcoin, so this is a very expensive method for individuals to attempt. Say I wanted a thousand dollars in Bitcoin; again, I may have to pay two thousand dollars in a fiat currency to even be able to obtain clean Bitcoin, or what they deem clean Bitcoin or clean currency.

Similar to what I had mentioned earlier, some of these services (I think I may have a screenshot on the next page of one of the advertisements for the QR codes), after the conflict in Ukraine started in February of 2022, for the several weeks and months after that we saw a lot of individuals on top-tier forums saying "hey, I will cash out funds for individuals in Eastern Europe and we'll actually give you a QR code," and you can go to Tinkoff or Sberbank, which are banks that are based in Eastern Europe, specifically Russia; there are a lot of Tinkoff and Sberbank locations.

Next is account verification services and wallet unblocking. This, in my head, or what I look at it as, is "fake it till you make it." If you really don't want to go through any of these other methods and you want to have your crypto appear somewhat legitimate, I would think this would be a last phase to that, and it is actually obtaining a legitimate account on something like Binance or OKX or Bybit. What you're doing is you're essentially paying, and that's what that ad is: "hack the KYC, stay anonymous." So you have all of your various entities that you can go through: you can go get a Binance wallet, you can go get a Coinbase account, you can get a PayPal account, and these individuals (we haven't, obviously, attempted to do this, due to the legality of some of the things, of forging documents for them), what they will do is they will forge documents; they will attempt to bypass the identity verification that these specific platforms have. And again, it's relatively inexpensive; I think it's anywhere between $150 and $300 for one of these verified accounts. Then actually, if your wallet gets blocked when you're attempting to take out funds from this account that you created, these individuals also have wallet unblocking services, so they will attempt to show the exchange that "hey, this person isn't violating AML policies," or "hey, this person is legit, this crypto is legit." So again, we haven't dealt too much in this; we have seen threat actors. This is probably one of the more popular things that we've seen advertised, again on low- to mid-tier forums: "hey, we can create an account for you." They usually don't give validity rates or anything like that, because I have a feeling they're kind of low, most likely.

Next we're going to jump into both attacks and threats to cryptocurrency. We are now moving from, I would say, part A of the presentation to part B: now we're going into the attacks and threats to crypto. We've learned how threat actors and illicit users have monetized, laundered and possibly cashed out crypto; now we want to see, in a certain sense, how they are at least obtaining some of these funds. So I'm sure, as everyone is very shocked to see,

phishing and social engineering are some of the top methods that we are still seeing, at least in this space, of how individuals are losing cryptocurrency. What we're seeing are various phishing pages. This phishing page on the left here was from BreachForums, the OG BreachForums, not the new one. What we have here is a Coinbase phishing page that was advertised; I want to say this phishing page was about $300. It was fairly convincing, at least to me; you have all of the right markers, and these would be sent to people specifically for airdrops. This specific one was for an airdrop, so, I don't have my laser pointer there, but you'll see "airdrop" in the top bar there. What an airdrop is (and people will theme phishing campaigns to this): an airdrop is essentially a free token or free gift for joining an exchange. I know everyone likes free stuff, but you have to connect your wallet to it, and as soon as you connect your wallet to it, or you're phished into connecting your wallet to it, all of your funds are gone. Your wallet is no longer yours; you're essentially giving them the private keys to your wallet. So we see this for a lot of... it's kind of the basis for some rug pull scams, which we're going to go into in a little bit, but again this looks very convincing: "hey, if you join our service." I know when FTX was collapsing there was actually a deepfake put out of Sam Bankman-Fried, and it was "hey, we're doing an airdrop for individuals who may have lost funds, click this link and connect your FTX wallet." What they were doing is they put this video on Twitter, and it got a bunch of likes and retweets, and those individuals lost even more money off of FTX.

Then we have your typical credential theft, so again very run-of-the-mill phishing credential theft; I won't go too much into that. We have private key compromise; that's again connecting or allowing an individual to connect to your wallet, and then you're giving them unknown permissions, because again you think you're just doing something non-malicious, just clicking and saying "yes, I want this thing." Then you have 2FA hijacking. Sorry, that screenshot's a little blown out, but that is for KuCoin. For those of you that are familiar with phishing panels and things like that, what we have here is a screenshot of two-step verification hijacking. After you input your password and it goes to 2FA, on the back side of a phishing panel most individuals, or the threat actor, are able to see what's happening live, or they're getting notifications via Telegram or Discord where this information is being sent: "hey, someone just attempted to log into your phishing panel, here's their username, email address, oh, by the way, we also got a 2FA code for them." So an individual will sit there and it'll spin, and the 2FA code will be there, but it's actually being looked at on the back side by a threat actor, whoever the user of this is, and then they will log into your account for you. Then this page will actually time out, go away, and it'll say "error, contact customer support," and, you know, you contact KuCoin and they'll say "no, we don't have a login attempt from your specific IP or from where you attempted to log in."

I will explain fraudulent Discord servers a little bit more, but a lot of individuals within the NFT space, specifically Bored Ape Yacht Club, use Discord for official communication, which is wild to me: you're like "yep, join our Discord, you can hear our official announcements, those accounts can't ever be compromised." You'll see in a little bit, actually you'll see right now, my note just tripped in my head. So we have here, for your fraudulent Discord servers: you know how I mentioned Seth Green before? He was actually the victim of having his Bored Ape Yacht Club image stolen, and what happened was one of the Discord accounts for one of the founders and community guidelines people for Bored Ape Yacht Club was compromised, and then the threat actor sent out phishing links, "hey, sign in," or I think they were themed with an airdrop type deal, and then Seth Green clicked it and lost his Bored Ape Yacht Club, or Bored Ape I guess you would call them. He was actually making a show, I think, for them, and he paid several hundred thousand dollars to get it back off of the individual that had stolen it. So again, kind of crazy, you're paying that much money to get a picture back for a TV show.

Then you also have another Discord community manager who had their Discord account compromised, and they were able to send out phishing links, so you're seeing the pattern: these Discord servers are abused, people can be phished for credentials for them, and then those are sent out and have a larger impact within the space. These are even more phishing panels. This one right here is a Binance-themed airdrop; an airdrop can be themed as pretty much anything. This one is a crypto giveaway box: you can go ahead, click here, the promotion ends in 16 days, and what you do is you sign in, you connect your wallet. Then the one all the way on the left is actually from, I think it's from XSS; this was an individual who was offering the design and deployment of phishing panels. What you have is, at the top, the landing page, "NFT creator." What you essentially have here is, for $250, this individual would create a themed phishing page for an NFT that you could either dream up or want to target, and it has clickable links through credential harvesters, things like that. So again, for $250, it's a fairly low bar to entry, especially if you're not super technical, for them to go ahead and design and deploy that and support it for you.

All right, so now we're going to get into

some of the more high-dollar attacks here, and the next couple slides I will attempt to kind of explain as clearly as I can, in terms of: yes, this was a piece of an attack that happened in a more complex method, possibly. So again, if there is any lack of understanding or if things need to be explained, ask me at the end, I will attempt to clarify even more. So what we have here, the top one, are cross-chain bridge attacks. So going back to one of the first definitions that I gave, a cross-chain bridge allows for swaps of tokens across chains. So swapping Bitcoin, which is on the Bitcoin blockchain, to Ethereum, which is on the Ethereum blockchain, you need to go through a cross-chain bridge to be able to do that. So what we have here is the Ronin Network, which was one of the more prominent cross-chain bridge attacks, and about 600 million dollars was stolen by APT38, or allegedly stolen by APT38. And essentially how a cross-chain bridge works is you're using validators within the Ronin Bridge, the Ronin Network. There were five validators needed, five of nine validators needed to process a transaction. So if you wanted to swap from in-game Ronin currency to Bitcoin, you needed five of nine validators to approve at minimum. What happened was this group, through phishing emails or through some other means, was able to compromise individuals who were in possession of five of those private keys, and then they were able to just start pulling money out of this platform, and by the time it was noticed they had actually pulled about 600 million dollars' worth of crypto out. They actually did not get away with the entirety of 600 million, I want to say it was close to 300, 400 million; the other couple hundred million was either seized or frozen by Ronin and other U.S. law enforcement agencies during the course of this. So again, zero dollars, or 200 or 300 million dollars, is better than zero dollars for a relatively kind of low-sophistication attack of just approving transactions.

Something similar happened to Harmony, the Harmony Bridge, as well. So what you have here is something similar: the private keys, the validator keys that validate transactions to be able to go cross-chain, were compromised, and about 100 million dollars was stolen. And then Qubit Finance, so 80 million was stolen. So right there in those three attacks we have almost a billion dollars' worth of loss, even though the actual loss was probably a little bit less than that; the attributed loss is almost a billion dollars, and all of these attacks happened in 2022. These aren't even all of the attacks that happened within the cross-chain bridge environment
and then we have, moving on to drainers, which I had alluded to a little bit ago. So drainers are essentially asking to connect to a wallet, so you have very elaborate, or not so elaborate, phishing pages or some type of lore to get an individual to click or agree to the terms of this. And a lot of what we see specifically with threat actors in this space is the targeting of ERC-20 based tokens, so again anything on the Ethereum blockchain; and NFTs and smart contracts are all hosted on the Ethereum blockchain, I apologize if I didn't mention that before. So what you have here is the setApprovalForAll function, which is usually what gets abused the most in these drainers. I think it was the Payment Fraud Intelligence team inside of Recorded Future that actually did a white paper on these types of drainers; if you want to learn more about that, they do have a public blog post, I'm pretty sure, on that. So what this setApprovalForAll function is, it is a feature of convenience to approve transactions within various exchanges, of "hey, I don't want to go ahead and approve this transaction all the time; if I'm going to continue to make similar transactions, I want you to do it for me." So what we have here is a threat actor explaining how their system works. So you have there, your bottom one: "hey, I have NFTs," so you're going green up the other side: "oh, the setApprovalForAll function is enabled on this platform, cool, we're going to take everything out of the wallet." We're taking the NFTs, we're taking all of the tokens, and it prioritizes it by value, so it takes the most high-value things first and leaves the things of least value if it doesn't have time, to be able to, again, get the most value out of the theft. And then it goes up that other chain there of events of "okay, well, if there's no NFTs, then we're just going to go get the tokens," and then exfil these to a different wallet. So what you have there is, again, these are very heavily advertised on a lot of kind of mid- to top-tier English- and Russian-speaking forums. They're relatively inexpensive, you can get into a good drainer for sub a thousand dollars, I would say, and then you also have individuals that are supporting it as well. So we're seeing most of these targeting Seaport, which is part of OpenSea, which is a large exchange, or at least platform, to be able to exchange NFTs and other goods.

All right, now we're going to get into, this is personally one of my favorite attacks because it makes absolutely no sense. Raise your hand if you would give a loan to someone and they would not
give you any collateral for it. All right, cool, no one in this room would. Well, if you go to an exchange you can get a flash loan, which is an uncollateralized loan within the DeFi space. So the decentralized finance space is a space where individuals can conduct activities outside of an intermediary such as a bank, government, or other institution, so most of the time these are peer-to-peer, software-based organizations or platforms that individuals are using. And what you have here with these flash loans is essentially an individual saying "hey, I'm borrowing three million dollars, or five." You're going to see some of the amounts that individuals borrowed to conduct these attacks. You're essentially saying, "hey, I want to borrow this amount of money, I'm not going to give you anything for it, but I'll pay you back, I promise." And in most cases the funds that are actually stolen from the platforms or entities that are targeted are actually used to pay back that flash loan, so in a sense they're using the stolen money to pay back the initial loan that they took to steal money. So again, kind of a roundabout way of getting money in the end.

So what you have here with Euler Finance, it happened in March 2023, so not that long ago. 195 million dollars was stolen, but the attacker had a change of heart after Euler Finance asked if they could have the money back, and they're like, "oh yeah, we'll give some of it back to you." So it did give a lot; I'm pretty sure they took a black hat fee for finding their vulnerability. So what you have here is the attacker initiated the actual attack with a flash loan of 30 million dollars. So what happened was they took the 30 million, they borrowed 20 million in the platform, and the way the platform works is you have two different sets of tokens, a debt and a credit token, and if it has more debt than credit it starts to liquidate its assets. So what essentially happened was this individual took it, there was a glitch in the platform that allowed them, on that 20 million dollar deposit, to take out 10 times what it was worth, 195 million dollars' worth of that token. And then after that was taken, they were able to start paying back the initial borrowed loan from that 10 million that was left over from the initial 30 million. It's like, you ever see Charlie in an episode of Always Sunny where he's connecting all the dots? Type feel right now. That is what essentially had happened here. So they used the initial 10 million to start to pay back the loan, and then after that happened they had started to pull the funds out of this platform, this exchange. So
I know I'm a little bit short on time, a few minutes left, so I want to go through smart contract vulnerabilities here. I don't think I'm going to get time to go through the actual example attacks, but essentially with a smart contract abuse or vulnerability, what you have here, two of the more prominent attack vectors that we've seen, are price oracle manipulation and a re-entrancy vulnerability. So a price oracle is essentially a stock ticker that tells a platform or an exchange, "hey, this is what Bitcoin, or this is what this asset, is worth at a specific time and place," and then there's sometimes a delay on that. So you can see how it can be abused: that there's a delay on seeing how much something of value is, whether it has increased or decreased; if there's a delay, then it can be abused. And then a re-entrancy vulnerability essentially allows an attacker to make continued calls of the call function on a smart contract to withdraw as much funds as they want, because again the space hasn't necessarily been pen-tested and kind of been through the process of being vetted as thoroughly as some of the other things that a lot of you in the room are familiar with, such as APIs or other programs or other things that need to be coded and pen-tested, making sure they can't be abused like this.

So I won't go into too much of the attacks, but again flash loans were used in both of them, and what you essentially have here is the flash loan being used to kick off the attack, and then being able to, for that second one, the price was different, there was a price difference in it, and they were able to abuse that because the platform saw that the value of the token was way less. So that person kept calling on that until they had their money back out, which allowed it to drain it from their liquidity pool. So this one, API withdrawals. A lot of platforms are going to API withdrawals
now, and what we have here is essentially using an API call to start withdrawing funds. Two of the more prominent kind of attacks we've seen: 3Commas, about 10,000 API keys related to 3Commas were leaked and then posted on Twitter; and then Scrooge API is a threat actor on XSS that is advertising an API withdrawal service, so they claim to be able to withdraw, if you have some type of API key from one of these exchanges, they claim they are able to start withdrawing funds from it. And then this is a slide I want to get to, this is my favorite, so the Jake Paul and wish.com Pokemon will make sense in a second. So we have rug pulls, and what essentially a rug pull is, is building up hype for a project or an NFT or something like that and then just walking away from it. So they brought in Logan Paul to hype up this game, and then unfortunately the attackers were able to steal about six million dollars from individuals that had invested in it, and they just walked away from it. And then pig butchering: think investment and romance scams, but crypto-related. Apologies for going a little bit too quick here.

And then I'm probably not going to have time to go through all this, but this is essentially my thoughts on how we are moving forward in terms of being able to either combat, monitor, and minimize theft and abuse and fraud within the crypto space, and kind of where it is going. And I think the most important part here is the continued opsec lapses, whether that is with individuals within places like Ronin or Harmony to be able to kind of protect their private keys better, to not being phished. I know that is kind of an oxymoron, it still happens for a reason. But yeah, I apologize I had to run through that a little bit quick at the end here. If anyone has any questions or comments, concerns, please let me know, you can catch me possibly after, or yeah,
thank you.
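The drainer section of the talk turns on one detail of ERC-721: approve(tokenId) covers a single token, while setApprovalForAll(operator, true) covers every token the owner holds now or acquires later, so one convenience signature is enough for an operator to sweep a wallet. The following Python model of those two approval paths is an added example, not code from the talk or from any real token contract; the addresses (0xOWNER, 0xOPERATOR, 0xMARKET) and token IDs are constructed placeholders. It also shows the hygiene step a wallet holder or incident responder wants: enumerate live operator approvals and revoke them.

```python
"""Toy model of ERC-721 approvals (constructed for illustration, not a real contract).

Mirrors the standard's two approval paths: approve(tokenId) for one token and
setApprovalForAll(operator, true) for every token the owner holds now or later.
Addresses and token IDs below are made-up placeholders.
"""


class ERC721Model:
    def __init__(self):
        self.owner_of = {}           # tokenId -> owner address
        self.token_approval = {}     # tokenId -> single approved spender
        self.operator_approval = {}  # (owner, operator) -> bool

    def mint(self, to, token_id):
        self.owner_of[token_id] = to

    def approve(self, sender, spender, token_id):
        """Per-token approval: covers exactly one token and is cleared on transfer."""
        if self.owner_of[token_id] != sender:
            raise PermissionError("only the owner can approve a token")
        self.token_approval[token_id] = spender

    def set_approval_for_all(self, sender, operator, approved):
        """Operator approval: one signature covers every token of `sender`, present and future."""
        self.operator_approval[(sender, operator)] = approved

    def is_approved_or_owner(self, spender, token_id):
        owner = self.owner_of[token_id]
        return (spender == owner
                or self.token_approval.get(token_id) == spender
                or self.operator_approval.get((owner, spender), False))

    def transfer_from(self, sender, frm, to, token_id):
        if self.owner_of[token_id] != frm:
            raise ValueError("`frm` is not the owner")
        if not self.is_approved_or_owner(sender, token_id):
            raise PermissionError("caller is neither owner nor approved")
        self.owner_of[token_id] = to
        self.token_approval.pop(token_id, None)  # per-token approval does not survive a transfer

    def tokens_of(self, owner):
        return sorted(t for t, o in self.owner_of.items() if o == owner)

    def active_operators(self, owner):
        return sorted(op for (own, op), ok in self.operator_approval.items()
                      if own == owner and ok)


def operator_approval_scenario():
    """Owner signs setApprovalForAll for a 'claim your airdrop' contract (constructed).
    The operator can then move every token, including one minted after the signature."""
    nft = ERC721Model()
    owner, operator = "0xOWNER", "0xOPERATOR"
    for tid in (1, 2, 3):
        nft.mint(owner, tid)
    nft.set_approval_for_all(owner, operator, True)
    nft.mint(owner, 4)  # acquired after the approval; still covered
    for tid in nft.tokens_of(owner):
        nft.transfer_from(operator, owner, operator, tid)
    return nft.tokens_of(owner), nft.tokens_of(operator)


def single_approval_scenario():
    """Same owner, but only approve(tokenId=1): tokens 2 and 3 cannot be moved."""
    nft = ERC721Model()
    owner, spender = "0xOWNER", "0xMARKET"
    for tid in (1, 2, 3):
        nft.mint(owner, tid)
    nft.approve(owner, spender, 1)
    nft.transfer_from(spender, owner, spender, 1)
    try:
        nft.transfer_from(spender, owner, spender, 2)
    except PermissionError:
        pass  # expected: no approval exists for token 2
    return nft.tokens_of(owner), nft.tokens_of(spender)


def revoke_all_operators(nft, owner):
    """Defender hygiene: list every live operator approval for `owner` and revoke it."""
    operators = nft.active_operators(owner)
    for op in operators:
        nft.set_approval_for_all(owner, op, False)
    return operators
```

The asymmetry the model exposes is the whole point: a per-token approval is self-limiting and disappears on transfer, whereas an operator approval persists until explicitly revoked and silently covers anything the wallet acquires later. Periodically reviewing and revoking operator approvals (on a real chain, via the token contract's setApprovalForAll with false) is the corresponding defensive habit.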
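The talk asks why anyone would lend without collateral; the answer is that a flash loan's borrow, use and repayment all execute inside one transaction, and an unrepaid loan reverts the entire transaction so the pool never parted with anything. The following Python simulation of that all-or-nothing rule is an added example, not code from the talk or from any lending protocol; the ledger, the 9 basis-point fee and the account names are constructed.

```python
"""Flash-loan atomicity, simulated (constructed example, not from the talk).

A pool lends without collateral because borrowing, using the funds and
repaying all happen inside one transaction. If the pool is not repaid with
its fee by the end, every state change is rolled back. Names, amounts and the
9 bps fee are made up for illustration.
"""
import copy

FEE_BPS = 9  # constructed fee: 0.09 % of the borrowed amount


class Revert(Exception):
    """Raised when the whole transaction must be undone."""


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, frm, to, amount):
        if self.balances.get(frm, 0) < amount:
            raise Revert(f"{frm} cannot pay {amount}")
        self.balances[frm] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def run_tx(self, fn):
        """All-or-nothing: snapshot, run, and restore the snapshot on Revert."""
        snapshot = copy.deepcopy(self.balances)
        try:
            return fn(self), True
        except Revert:
            self.balances = snapshot
            return None, False


def flash_loan(ledger, pool, borrower, amount, use_funds):
    """Lend `amount`, hand control to the borrower, then require principal + fee back."""
    fee = amount * FEE_BPS // 10_000
    before = ledger.balances[pool]
    ledger.transfer(pool, borrower, amount)
    use_funds(ledger, borrower, amount)            # borrower's own logic runs here
    ledger.transfer(borrower, pool, amount + fee)  # repayment in the same transaction
    if ledger.balances[pool] < before + fee:       # belt-and-braces invariant check
        raise Revert("pool not made whole")
    return fee


def profitable_use(ledger, borrower, amount):
    """Constructed stand-in for a legitimate use: some venue pays the borrower 1 %."""
    ledger.transfer("venue", borrower, amount // 100)


def spend_it_all(ledger, borrower, amount):
    """Borrower moves the funds away and has nothing left to repay with."""
    ledger.transfer(borrower, "elsewhere", amount)


def scenario(use_funds, amount=500_000):
    """Returns (tx_succeeded, pool_balance, borrower_balance, elsewhere_balance)."""
    ledger = Ledger({"pool": 1_000_000, "borrower": 0, "venue": 50_000, "elsewhere": 0})
    _, ok = ledger.run_tx(lambda l: flash_loan(l, "pool", "borrower", amount, use_funds))
    return (ok, ledger.balances["pool"], ledger.balances["borrower"],
            ledger.balances["elsewhere"])
```

The second scenario is the one to notice: the borrower did move the whole loan out, yet after the revert the pool, the borrower and the destination account are exactly where they started. That is why the lender's risk is not the borrower's honesty but the correctness of whatever contract the borrowed capital is pointed at during the transaction, which is the part the Euler discussion in the talk is about.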
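The smart contract section names re-entrancy as repeated calls back into a contract's withdraw path before it has finished bookkeeping. The following Python simulation of that control flow is an added example, not code from the talk and not Solidity; it models an EVM-style vault whose payout is an external call into the recipient, with a vulnerable ordering beside the checks-effects-interactions ordering that closes the hole. Depositors, amounts and the call-depth cap are constructed.

```python
"""Re-entrancy, simulated in Python (constructed example, not from the talk).

A vault pays out by calling the recipient, and a contract recipient runs its
own code when it receives funds. If the vault zeroes the recipient's balance
only AFTER that call, the recipient can call withdraw() again while the stale
balance is still on the books and take other depositors' funds. The hardened
vault updates its state before the external call (checks-effects-interactions).
Depositors and amounts are made up.
"""


class Vault:
    def __init__(self, hardened):
        self.hardened = hardened
        self.balances = {}  # depositor -> recorded balance
        self.ether = 0      # funds the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.ether += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)       # check
        if amount == 0:
            return
        if self.hardened:
            self.balances[who] = 0               # effect first ...
        self.ether -= amount
        who.receive(self, amount)                # ... then interaction (external call)
        if not self.hardened:
            self.balances[who] = 0               # too late: control already left the vault


class HonestUser:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReentrantUser:
    """Calls back into withdraw() while the first withdraw() is still running."""

    def __init__(self, max_depth):
        self.received = 0
        self.depth = 0
        self.max_depth = max_depth   # stands in for the gas limit that ends a real call chain

    def receive(self, vault, amount):
        self.received += amount
        self.depth += 1
        if self.depth < self.max_depth and vault.ether >= amount:
            vault.withdraw(self)     # re-enter before the outer call has zeroed the balance


def run(hardened, stake=100, others=(300, 300, 300)):
    """Returns (what the re-entrant user got out, what the vault still holds)."""
    vault = Vault(hardened)
    for amount in others:
        vault.deposit(HonestUser(), amount)
    user = ReentrantUser(max_depth=10)
    vault.deposit(user, stake)
    vault.withdraw(user)
    return user.received, vault.ether
```

With the vulnerable ordering a 100-unit depositor walks away with the whole 1,000 the vault held; with state updated before the external call, the nested withdraw sees a zero balance and returns, so only the depositor's own 100 moves. Production contracts typically add a mutex-style re-entrancy guard on top of this ordering, but the ordering alone is what the simulation isolates.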