
Cryptohack Roundup: Android Chips Hot Wallet Attack

Also: 700M Euro Fraud Busted, 2 Arrested in Crypto-Linked Killing Case

Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week, Ledger warned that physical attacks on Android chips pose risks for hot wallet users, a criminal network behind a 700 million euro fraud was dismantled, a British hacker tied to the $243 million Genesis theft was reportedly taken into custody, and a key participant in a $263 million social engineering ring pleaded guilty. Police arrested two men in Vienna over a crypto-linked killing.


Ledger Warns of Physical Attack Risk on Android Chips for Hot Wallets

Crypto wallet provider Ledger's Donjon research team uncovered a vulnerability in the MediaTek Dimensity 7300 (MT6878) chip used in many Android smartphones, showing that physical attacks could compromise software-based crypto wallets.

By applying electromagnetic fault injection, the researchers disrupted the chip's boot ROM - the highest-privilege code at startup - allowing them to extract memory contents, bypass security checks and run arbitrary code at the processor’s top privilege level.

Ledger said the vulnerability does not affect its hardware wallets, which use secure elements, but that the danger lies in relying solely on smartphone hot wallets to safeguard private keys. The flaw was disclosed to MediaTek in May, and affected manufacturers have been notified. Ledger said that even advanced smartphone chips are vulnerable to physical attacks.

Criminal Network Behind 700M Euro Fraud Busted

Europol announced a major crackdown on a criminal network that laundered over 700 million euros through fraudulent cryptocurrency platforms, targeting thousands of victims across Europe and beyond.

The network operated fake crypto investment sites supported by aggressive call centers that used social engineering and fake trading dashboards to extract funds. Criminals moved stolen crypto across multiple blockchains and exchanges to obscure its origin.

The investigation, spanning several years, culminated in a two-phase operation. On Oct. 27, raids in Cyprus, Germany and Spain led to nine arrests and the seizure of 800,000 euros in bank funds, 415,000 euros in cryptocurrencies, cash, digital devices and luxury watches. A second phase on Nov. 25 and Nov. 26 targeted affiliate marketing operations that used deepfake videos to lure victims, with searches conducted in Belgium, Bulgaria, Germany and Israel.

Crypto Sleuth Reports Possible Arrest of British Hacker Linked to $243M Genesis Theft

Blockchain investigator ZachXBT said a British threat actor linked to a $243 million theft from a Genesis creditor on Gemini may have been arrested. In a post on Telegram, ZachXBT suggested law enforcement had seized crypto assets.

He said about $18.58 million in Ethereum at address 0xb37...9f768, allegedly tied to the hacker, appeared consolidated along with other addresses in a pattern consistent with prior law enforcement seizures. ZachXBT reported the suspect was last known to be in Dubai, where a villa raid may have occurred, though no official confirmation exists. Several associates reportedly became unresponsive online.

Dubai police and UAE regulators have not issued statements, and there are no media reports verifying the raid, arrests or asset seizures related to Zulfiqar, the Genesis creditor theft or a previous Kroll SIM swap incident.

Key Member of $263M Crypto Social Engineering Ring Pleads Guilty

The U.S. Department of Justice announced that 22-year-old California resident Evan Tangeman pleaded guilty to participating in a RICO conspiracy tied to a $263 million crypto theft scheme. Tangeman admitted to laundering more than $3.5 million for a social engineering ring that operated from October 2023 to May this year.

The ring, which originated among friends on gaming platforms and spanned multiple U.S. states and foreign locations, stole approximately 4,100 BTC - worth $263 million at the time and now valued at $371 million. Its members included hackers, organizers, target identifiers, callers and burglars who stole hardware wallets. They used compromised databases to identify wealthy victims, then cold-called them with fabricated cybersecurity alerts to gain access to their accounts.

The stolen crypto funded luxury spending, rental properties and private security. Tangeman converted stolen cryptocurrency into cash, secured rental homes under fake names and helped conceal the operation. His sentencing is set for April 24.

2 Arrested in Vienna Crypto-Linked Killing

Austrian police reportedly arrested two Ukrainian men, ages 19 and 45, in connection with the killing of a 21-year-old Ukrainian man whose body was found in a burned Mercedes in Vienna's Donaustadt district.

Investigators say the men confronted the victim earlier that night in the underground garage of the SO/ Vienna hotel. Police believe the men forced the victim into his car, drove him to another part of the city, beat him and coerced him into handing over passwords to two cryptocurrency wallets. The wallets were later emptied and officers recovered a "large amount" of U.S. dollars from one suspect.

Local media report that the victim died from head injuries before the fire started. Authorities identified the suspects through surveillance and border records. Both were detained in Ukraine, where the case will now be prosecuted.


About the Author

Rashmi Ramesh


Senior Associate Editor, Global News Desk, ISMG

Ramesh has more than 10 years of experience writing and editing stories on finance, enterprise and consumer technology, and diversity and inclusion. She has previously worked at formerly News Corp-owned TechCircle, business daily The Economic Times and The New Indian Express.



