Today, the blockchain cybersecurity team at SlowMist has shared promising news regarding the evolution of law enforcement work, which is now adopting blockchain tracking tools to establish the movement of illicit funds and verify ownership of cryptocurrency assets.
The specific incident described by SlowMist involved the Criminal Investigation Bureau and the Judicial Reform Foundation of Taiwan, as well as the XREX trading platform and the SlowMist AML team. Together, they successfully resolved a complex cryptocurrency scam and facilitated the return of the stolen funds to the victim.
The exploit investigated by Taiwan’s law enforcement agency was conducted in October and took the form of a sophisticated phishing scheme targeting Double Wan, a user of the decentralized social platform Friend.tech.
Last year, the increasing popularity of Friend.tech attracted the attention of numerous malicious actors who primarily focused on fake FRIEND tokens. These actors either distributed phishing links through posts imitating FRIEND airdrop promotions or executed exit scams involving fake FRIEND tokens.
However, some of the scams evolved into more intricate phishing attacks. In these instances, scammers carefully selected their victims from influential Friend.tech users and employed a personalized strategy to invite them to participate in a supposed interview. Those who unwittingly agreed to engage in conversation with scammers were subjected to phishing attacks.
The scammers enticed victims to submit personal information through a phishing webpage disguised as part of the interview process; on clicking "Verify," the submission was interrupted by an error message. The criminals then advised victims to bookmark the "Verify" link in Google Chrome, which led to a verification prompt requesting the victim's password. Those who divulged their personal information and passwords unknowingly granted the attackers access to their Friend.tech accounts and associated funds.
The same tactics were used to deceive Double Wan. This attack resulted in the loss of 14.2 ETH, valued at over $47,000 at the time of publication.
After the victim contacted the SlowMist AML team, its on-chain security experts conducted an investigation, which revealed that the stolen funds were first transferred to a wallet associated with theft. The SlowMist AML team then traced the ETH across chains, from the Base chain, where Friend.tech is deployed, to the Ethereum chain. Finally, the stolen funds were sent to an OKX exchange address.
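The tracing described above, stripped to its core, is a walk over outflows: start at the victim's address, follow each transfer to the next address, continue on the destination chain when a labelled bridge is reached, and stop at a labelled exchange deposit address, which is where a freeze request becomes possible. The following is an added illustration of that walk, not SlowMist's own tooling; every address, amount, entity label and transfer in it is constructed for the example, and real investigations additionally have to match bridge deposits to withdrawals by timing and amount rather than by a pre-linked label.

```python
"""Minimal fund-flow tracer (added illustration, not SlowMist tooling).
Follows outflows from a victim address hop by hop, crosses a labelled
bridge to the destination chain, and stops at a labelled exchange deposit
address. Every address, amount and label below is constructed."""
from collections import defaultdict, deque

# Constructed ledger of transfers: (chain, sender, receiver, amount_eth, note)
TRANSFERS = [
    ("base", "0xVICTIM", "0xTHIEF_A", 14.2, "drained after phishing"),
    ("base", "0xTHIEF_A", "0xTHIEF_B", 14.2, "hop to collection wallet"),
    ("base", "0xTHIEF_B", "0xBRIDGE_BASE", 14.1, "bridge deposit on Base"),
    ("ethereum", "0xBRIDGE_ETH", "0xTHIEF_C", 14.05, "bridge withdrawal on L1"),
    ("ethereum", "0xTHIEF_C", "0xEXCHANGE_DEPOSIT", 14.0, "deposit to exchange"),
    ("ethereum", "0xOTHER", "0xTHIEF_C", 1.0, "unrelated inflow, never traversed"),
]

# Constructed entity labels. A bridge label carries the counterpart address
# on the destination chain so the trace can continue there.
LABELS = {
    "0xBRIDGE_BASE": {"kind": "bridge", "to_chain": "ethereum", "to_addr": "0xBRIDGE_ETH"},
    "0xEXCHANGE_DEPOSIT": {"kind": "exchange", "name": "ExampleExchange"},
}


def build_outflows(transfers):
    """Index transfers by (chain, sender) so outflows can be looked up quickly."""
    out = defaultdict(list)
    for chain, src, dst, amount, note in transfers:
        out[(chain, src)].append((dst, amount, note))
    return out


def trace(start_chain, start_addr, transfers=TRANSFERS, labels=LABELS):
    """Breadth-first walk of outflows from start_addr.

    Returns a dict with the terminal labelled entity (if any) and the list
    of hops taken. Hops are dicts so the path can be handed to a reviewer
    or a re-validating third party without further decoding."""
    outflows = build_outflows(transfers)
    queue = deque([(start_chain, start_addr, [])])
    visited = set()
    while queue:
        chain, addr, path = queue.popleft()
        if (chain, addr) in visited:
            continue
        visited.add((chain, addr))
        label = labels.get(addr, {})
        if label.get("kind") == "exchange":
            return {"terminal": addr, "entity": label["name"], "path": path}
        if label.get("kind") == "bridge":
            # Cross-chain hop: resume from the bridge's counterpart address
            hop = {"chain": chain, "from": addr, "to": label["to_addr"],
                   "to_chain": label["to_chain"], "amount": None,
                   "note": "cross-chain via bridge"}
            queue.append((label["to_chain"], label["to_addr"], path + [hop]))
            continue
        for dst, amount, note in outflows[(chain, addr)]:
            hop = {"chain": chain, "from": addr, "to": dst, "to_chain": chain,
                   "amount": amount, "note": note}
            queue.append((chain, dst, path + [hop]))
    return {"terminal": None, "entity": None, "path": []}


def chains_crossed(result):
    """Ordered list of distinct chains the traced funds moved through."""
    chains = []
    for hop in result["path"]:
        for c in (hop["chain"], hop["to_chain"]):
            if c not in chains:
                chains.append(c)
    return chains


if __name__ == "__main__":
    result = trace("base", "0xVICTIM")
    for hop in result["path"]:
        print(f'{hop["chain"]:>9} {hop["from"]} -> {hop["to"]}  {hop["note"]}')
    print("reached:", result["entity"], "at", result["terminal"])
    print("chains:", " -> ".join(chains_crossed(result)))
```

Only outflows are followed, so the unrelated inflow into the thief's L1 wallet never appears in the path; that separation is exactly what a third-party validator has to re-check before a seizure order is granted.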
While it was possible to freeze the funds for 72 hours, the challenging aspect was prolonging this period. According to SlowMist, OKX's policies required "intervention from law enforcement from Taiwan within 72 hours, or else the freeze on the illicit funds could not be extended."
Fortunately, this incident showcased swift collaboration between the cybersecurity team and the police, enabling the victim to file a police report and apply to the court for a seizure order in time.
Another challenge accompanying this scenario was the requirement for the re-validation of fund flow documents and ownership of stolen funds by a neutral third party. In this case, the XREX team acted as a validator.
In its report, SlowMist cited Mei-Hui Chen from the Judicial Reform Foundation, who hopes that such collaboration, "relying on the mutual trust among various units," will become "a standard procedure for similar cases."
"It’s encouraging for all law enforcement units and experts involved that even funds transferred to foreign exchanges could be recovered," Chen added.
Four days ago, SlowMist also announced that it is expanding its Web3 wallet security services to include a comprehensive audit of hardware cryptocurrency wallets.
Although hardware wallets, which store private keys offline, provide a higher level of security compared to web and app wallets by minimizing exposure to potential hacker attacks, their usage still poses risks to funds if such wallets are not robust enough.
"If the security of the hardware itself is not adequately considered from the outset, it may introduce security issues that cannot be fixed through firmware updates," SlowMist warns, adding that "in such cases, the only solution is to release a new version of the hardware wallet."
SlowMist also highlights other potential weaknesses of hardware wallets including "supply chain, physical security, and firmware code implementation."
To help developers identify vulnerabilities early enough to avoid shipping faulty wallets to end users, SlowMist has added a comprehensive hardware wallet security audit procedure to its offering. It covers the security of the hardware itself, including the wallet's circuit design, firmware, storage, device interface communication, and permission and exception handling. The service also includes audits of business logic, device-based authentication, transfers, third-party components, user interactions, and secret key generation, management, and destruction.