Unveiling the $40M Crypto Theft Allegation

In a remarkable investigation, ZachXBT has linked the theft of over $40 million from U.S. government crypto wallets to John Daghita, son of Dean Daghita, the president of CMDSS. This company was previously contracted by the U.S. Marshals Service to manage seized cryptocurrencies.

ZachXBT’s research extends previous investigations that connected an online persona, known as ‘John’ or ‘Lick’, to suspicious crypto activities exceeding $90 million. A Telegram argument, showcasing wallet ownership through live fund movements, first brought these addresses to light.

Despite the serious allegations, no legal charges have been filed, and CMDSS has not commented on the matter. The broader implications for crypto security and governance remain significant as the industry grapples with such high-profile cases.

Kraken’s ‘DeFi Earn’ Launch

Simultaneously, Kraken has introduced ‘DeFi Earn’ to users across the EU, Canada, and most U.S. states. This new feature allows users to access onchain yields directly from Kraken’s platform, promising returns up to 8% APY.

Powered by Veda’s vault infrastructure with Chaos Labs and Sentora managing initial USDC vault strategies, Kraken’s move represents a broader trend where centralized exchanges integrate DeFi-native features. This innovation aims to attract traditional exchange users into the decentralized finance realm.

Japan’s Crypto ETF Ambitions

In related news, Japan is gearing up to approve its first crypto ETFs by 2028. Major financial players like Nomura and SBI are expected to spearhead these initiatives on the Tokyo Stock Exchange, in alignment with regional trends in crypto financial products.

This development follows the success of U.S. Bitcoin ETFs, which have amassed significant assets. Japan’s regulatory shift highlights a global push towards integrating digital assets into traditional financial markets.

Stay informed on these and other pivotal developments with The Block’s daily digest, offering actionable insights into the dynamic crypto landscape.

The post ZachXBT Unveils $40M Crypto Theft: Insights & Kraken’s DeFi Launch appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

Ronald Spektor, hailing from Sheepshead Bay, was formally charged with first-degree grand larceny and money laundering. The illicit operation reportedly ran from April 2023 to December 2024. Prosecutors allege that Spektor contacted victims while impersonating a Coinbase representative, warning them of potential hacking threats to their accounts.

How the Coinbase Phishing Scheme Unfolded

Spektor allegedly convinced victims to transfer their crypto assets to wallets he controlled under the guise of protecting their funds. These assets were then laundered through various crypto mixers, exchange services, and even gambling platforms. Operating under the moniker “Ronaldd,” Spektor also managed a Telegram channel called “Blockchain enemies,” where he reportedly boasted about his exploits and acknowledged losing $6 million through gambling.

The victims of this elaborate scheme included individuals from California and Virginia, who lost over $1 million and $900,000, respectively. In the course of the investigation, authorities have so far recovered around $105,000 in cash and $400,000 in cryptocurrency. They have interviewed more than 70 victims, ultimately identifying approximately 100 affected individuals.

Role of Coinbase and Investigators

Coinbase played a pivotal role in the investigation, collaborating with the Brooklyn District Attorney’s Virtual Currency Unit to identify the suspect and trace the stolen funds. The company’s CEO, Brian Armstrong, publicly commended the indictment, assuring that those who target Coinbase users will face justice.

Prominent blockchain investigator ZachXBT also contributed significantly to unmasking the suspect. After a victim who lost $6 million sought his help, ZachXBT published an investigation in November 2024 that was instrumental in identifying Spektor. Coinbase’s official X account expressed gratitude for his efforts.

This case comes after a tough year for Coinbase security. Earlier in the year, ZachXBT reported that users suffered losses exceeding $65 million due to social engineering scams over just two months. Additionally, a data breach in May affected nearly 70,000 users, with damages estimated between $180 million and $400 million.

Spektor’s attorney has stated that his client pleads not guilty, labeling the accusations as “speculative.” However, reports reveal that Spektor was allegedly planning to flee the country before his arrest, with his father now considered an “active suspect.”

This incident serves as a stark reminder of the persistent threats in the crypto space, emphasizing the importance of robust security practices and awareness to safeguard digital assets.

The post Coinbase Phishing Alert: 31 Charges in $16M Crypto Theft Scandal appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

The malicious extensions, once installed, are programmed to steal user wallet credentials. “We have connected over 40 different extensions to this active and live campaign,” Koi Security stated.

The campaign, which has been running since at least April, uploaded the most recent extensions last week. These fraudulent extensions allegedly extract wallet credentials directly from the targeted sites and upload them to a remote server under the attacker’s control.

The report also highlighted how the campaign uses ratings, reviews, branding, and functionality to win user trust by posing as genuine and thus boost installation rates. Some applications even boasted hundreds of fake five-star reviews.

The deceptive extensions used the same names and logos as the real services they were mimicking. In several cases, the threat actors cloned the official extensions’ open-source code and integrated their malicious code. This deceptive strategy maintained the expected user experience while minimizing the chances of immediate detection.

While Koi Security stated that “attribution remains speculative,” they pointed to “multiple signals indicating a Russian-speaking threat actor.” These signals include Russian language comments in the code and metadata found in a PDF file sourced from a malware command-and-control server associated with the incident. “Although not definitive, these artifacts suggest that the campaign may be the work of a Russian-speaking threat actor group.”

To minimize risk, Koi Security advised users to only install browser extensions from verified publishers and to manage extensions as full software assets, using allowlists and monitoring for unexpected behavior or updates.

The post Malicious Cryptocurrency Wallet Clones Target Mozilla Firefox Users appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.

The frozen tokens currently reside in two attacker addresses. However, an onchain governance vote to unfreeze and recover these assets has secured preliminary approval on May 29, with an impressive 90% of voters supporting the proposal, as per an update provided on Friday.

The plan entails Sui network validators transferring the frozen assets to a multisignature trust. This trust will be jointly managed by Cetus, blockchain security firm OtterSec, and the Sui Foundation, and will be executed via a network upgrade.

Furthermore, the DEX is designing a specialized compensation contract to oversee the allocation of recovered funds. It also plans to introduce an emergency pool recovery feature within its Concentrated Liquidity Market Maker (CLMM) infrastructure.

According to the team, “Cetus aims to accomplish complete recovery and restart proceedings within a week. This includes data restoration, rebooting the upgraded CLMM contract, and fully resuming all halted product functions, including LP functions.”

The attack, which transpired on May 22, exploited a weakness in Cetus’ CLMM model, draining approximately $223 million from its liquidity pools. The protocol later fixed an error in the open-source library code used in its smart contracts and offered a $6 million white-hat reward to recover 20,920 ETH ($56.3 million) that the attacker had moved to Ethereum.

The incident contributes to the staggering $5.3 billion lost to DeFi hacks so far, including the $600 million Ronin breach and the $323 million Wormhole exploit, as per The Block’s data dashboard.

Disclaimer: The Block is an independent media outlet that delivers news, research, and data. Foresight Ventures, a majority investor of The Block as of November 2023, invests in other companies in the crypto space including crypto exchange Bitget, which is an anchor LP for Foresight Ventures. The Block operates independently to provide objective, impactful, and timely information about the crypto industry. This article is intended for informational purposes only and does not constitute legal, tax, investment, financial, or other advice.

The post Sui Network Governance Green-lights Recovery of Cetus Funds From $223M Crypto Theft appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.