Hackers are busy exploiting the crypto market downturn to buy discounted Ethereum (ETH) with stolen funds. Meanwhile, the Australian Federal Police (AFP) is investigating a surge in crypto phishing scams, while WazirX is facing backlash over its proposed solution after a $230 million hack. Additionally, Australian prosecutors are seeking jail time for a Crypto.com user who mistakenly received close to $7 million and spent it before the error was discovered.

Hackers Turn Market Downturn into Opportunity

Crypto hackers have seized the ongoing market crash as an opportunity to buy discounted Ethereum (ETH) by using stolen funds from previous heists. On Aug. 5, 16,892 ETH was bought using stolen cryptocurrency linked to the Nomad bridge hack from August of 2022. This happened as ETH's value plummeted by more than 21% over the past 24 hours of trading.

Blockchain analytics firm Lookonchain revealed that the Nomad bridge exploiter used 39.75 million stolen DAI tokens to purchase 16,892 ETH. Shortly after this, the hacker started moving the stolen funds to the crypto mixer Tornado Cash. Crypto mixers like Tornado Cash are commonly used by hackers to make on-chain traceability more difficult.

In addition to Lookonchain’s findings, blockchain investigation firm PeckShield also reported that the Nomad exploiter simultaneously transferred 17.75 ETH to an intermediary Ethereum address. The hacker moved approximately 2,400 ETH, valued at $7 million, to Tornado Cash.

Meanwhile, funds stolen in the Pancake Bunny hack from three years ago are also being moved during the ongoing market volatility. The hacker also seems to be looking to capitalize on lower crypto prices, and exchanged their stolen DAI tokens for ETH. However, blockchain investigator Officer CIA indicated that 3.6 million DAI was mistakenly sent to a DAI stablecoin address. Pancake Bunny is a decentralized finance protocol on the BNB Smart Chain, and suffered a flash loan attack in 2021.

Australian Federal Police Investigates Crypto Phishing Scams

The Australian Federal Police (AFP) is investigating losses from a surge of crypto phishing scams affecting over 2,000 Australian-owned crypto wallets. This is happening after a Chainalysis investigation, known as Operation Spincaster, identified thousands of Australian crypto wallets compromised through ”approval phishing” tactics. 

AFP Detective Superintendent Tim Stainton stated on Aug. 4 that the intelligence gathered from Operation Spincaster has shed some light on new cybercriminal tactics used to defraud Australians. This intelligence is crucial for ongoing investigations that are aimed at identifying cybercrime victims and disrupting offenders in Australia.

Operation Spincaster is fighting against approval phishing scams through education, tools, and training. Approval phishing scams deceive users into signing malicious transactions that allow scammers to transfer tokens to their chosen wallet addresses. These scams usually pop up in fraudulent investment schemes and romance scams, also known as pig-butchering scams. 

Since May of 2021, victims have lost approximately $4 billion to approval phishing scams. Chainalysis is collaborating with the AFP’s Policing Cybercrime Coordination Center (PCCC) to address ongoing investigations.

The collaboration included a workshop hosted by PCCC staff and Chainalysis that focused on compromised wallets, tracing stolen funds, detecting ongoing scams, and supporting victims. Crypto exchanges BTC Markets, Binance, Crypto.com, Ebonex, Independent Reserve, OKX, SwyftX, and Wayex are also working to protect Australians from these scams. 

Additionally, Australian banks have implemented measures over the past 12 to 14 months to prevent crypto scam-related transfers by blocking transfers to crypto exchanges. These banks include Commonwealth Bank, National Australia Bank, Westpac, Australia and New Zealand Banking Group, Bendigo Bank, and more recently, HSBC. 

In 2023, Australians lost up to $840 million to investment scams, according to the country's competition and consumer regulator.

Outrage Over WazirX's Hack Solution

Meanwhile, in the aftermath of the recent $230 million WazirX hack, the crypto exchange's proposed solution to address the losses has faced a lot of resistance from its user base. The crypto community heavily criticized the firm's plan, known as the ”socialized losses” or 55/45 approach, with a poll of WazirX users showing overwhelming disapproval.

The proposed 55/45 approach suggested that users could trade only 55% of their assets on the Indian exchange, while the remaining 45% would be converted into Tether (USDT) or other tokens, which would then be locked on the platform. This will apply to all users, regardless of whether their funds were affected by the hack. 

The poll was conducted from July 27 to Aug. 3, and revealed that there is serious opposition to the proposal. Users vocally expressed their frustration and dissatisfaction, and argued that it unfairly impacted all users rather than addressing those who actually suffered losses in the hack.

Some people suggested other drastic measures to WazirX’s CEO, Nischal Shetty, including filing for bankruptcy and launching memecoins. Others questioned the exchange’s transparency and accountability while criticizing the delay in resolving the issue and providing information.

The backlash against the 55/45 approach is just part of the growing frustration and uncertainty among WazirX users, many of whom are unable to withdraw their funds. The exchange’s handling of the hack and subsequent communication has left its user base feeling uncertain about the future of their investments. 

According to Shetty, the poll was merely a way to ask for community input and not a legally binding decision. The Indian crypto exchange also rejected allegations by TruthLabs about security vulnerabilities that led to the hack.

The hack has prompted the Bharat Web3 Association in India to prioritize the development of robust cybersecurity frameworks and enhanced consumer protection protocols in the crypto industry.

Prosecutors Seek Jail Time for Crypto.com User

In other crypto crime news, Australian prosecutors are asking for a prison sentence for a Crypto.com user who mistakenly received almost $7 million and spent most of it before the exchange discovered the internal error made three years ago. 

In May of 2021, Crypto.com accidentally sent 10.47 million Australian dollars ($6.86 million) to Thevamanogari Manivel and Jatinder Singh instead of a 100 AU$ refund because of an employee error. By the time the exchange finally identified the mistake in a December 2021 audit, Singh already bought multiple homes and gifted 1 million AU$ to a friend. According to Singh, he thought he won an ”online raffle.”

During a court hearing on Aug. 2, prosecutor Campbell Thomson argued that the large amount of money involved made it more than a crime of opportunity, necessitating a jail sentence for Singh. He stated that a short jail term might be appropriate after considering Singh's pre sentence detention. 

Singh's lawyer, Martin Kozlowski, contended that Singh did not fully understand the gravity of the situation, which was difficult for anyone to navigate, especially considering the fact that the funds came from a multinational company that only noticed the discrepancy during an audit.

Singh's sentencing is scheduled for September. His partner, Manivel, received a roughly seven-month prison sentence, which he already served, and an 18-month community corrections order after pleading guilty to recklessly handling the proceeds of crime.