Cryptocurrency theft of $9.5M reported; funds laundered through KuCoin deposit addresses, involving Bitcoin, Solana, and other tokens.
Incident Overview
Onchain investigator ZachXBT has reported a significant theft of cryptocurrency, involving approximately $9.5 million across multiple blockchain networks. The incident, spanning from April 7 to 13, targeted more than 50 victims and involved cryptocurrencies like Bitcoin (BTC), Solana, Tron, XRP Ledger, and Ethereum Virtual Machine (EVM)-compatible tokens.
Stolen Funds and Laundering
According to ZachXBT's findings, the stolen funds were laundered through over 150 KuCoin deposit addresses. These addresses are allegedly linked to a service known as AudiA6, which is characterized as a centralized mixing service. The thefts reportedly involved three victims with large losses: one lost approximately $1.95 million in BTC and staked Ether (stETH), another suffered $3.23 million in USDt (USDT) on April 9, and a third victim incurred a loss of around $2 million in USDC (USDC) on April 11.
App Store Removal and Regulatory Scrutiny
The fake Ledger Live app was removed from the Apple App Store on April 13. ZachXBT also highlighted recent increases in illicit activities linked to KuCoin, noting that the company faced regulatory scrutiny following its ban of new European Union users in February after receiving a Markets in Crypto Assets Regulation (MiCA) license.
Expert Commentary and Warnings
Charles Guillemet, CTO of Ledger, emphasized the importance of user vigilance. In a statement to Cointelegraph, he warned that users should never enter their 24-word recovery phrase into any app or software environment. He further advised against assuming official-looking software is inherently safe.
"This cannot be overstated: You cannot trust the software environment around you – not your browser, not your app store, not your desktop," Guillemet stated. "Attackers operate wherever the opportunity exists, including official distribution platforms."
Recent Similar Incident
The latest theft follows a smaller but similar case reported on April 12. Musician Garrett Dutton, also known as "G. Love," lost about $420,000 in BTC after downloading and using a malicious app that mimicked Ledger Live from the Apple App Store.
Both Cointelegraph inquiries to Apple and KuCoin regarding these reports were pending at press time.
Conclusion
The incident highlights the ongoing challenges of securing cryptocurrency assets against sophisticated phishing attacks. As regulatory bodies continue to scrutinize exchanges like KuCoin, user vigilance remains critical in protecting digital assets.
Source: Read Original Article
Post a Comment