Fraudsters Target New Victims with Millions in Laundered Crypto

ZachXBT issued a stern warning about an ongoing scam orchestrated by a notorious group that has been part of multiple rug pulls in the past.

Pseudonymous blockchain investigator ZachXBT exposed a new crypto scam involving notorious fraudsters using platforms like Leaper Finance and ZebraLending to orchestrate multiple rug pulls. In a separate case, computer security engineer Shakeeb Ahmed was sentenced to three years in prison for attacks on Crypto Exchange and Nirvana, making it the first conviction for hacking a smart contract. Additionally, the IRS, spearheaded by criminal investigation chief Guy Ficco, is intensifying efforts to tackle crypto-related tax evasion this year, leveraging partnerships with firms like Chainalysis to trace and analyze cryptocurrency transactions a bit more effectively.

ZachXBT Exposes New Crypto Scheme

Pseudonymous blockchain investigator ZachXBT has issued a stern warning about an ongoing scam orchestrated by a notorious group that is implicated in multiple blockchain frauds. According to ZachXBT's investigation, the group was part of several rug pulls, including those involving platforms like Magnate, Kokomo, Solfire, and Lendora, with cumulative losses totaling more than $20 million. The most recent fraudulent activity centers around Leaper Finance, a lending protocol on the Blast network, and other related projects like ZebraLending on the Base platform.

ZachXBT revealed that the scammers have been depositing funds from previous scams into Leaper Finance to increase liquidity and attract more victims. These funds, initially moved from an Ethereum address, were converted into Wrapped ETH (wETH) and subsequently transferred across multiple blockchain networks using bridging services. This tactic not only increases the project's liquidity but also masks the illicit origin of the funds, making the setup appear more legitimate to unsuspecting investors.

The group's modus operandi involves allowing their projects to hit a high total value locked (TVL) before abruptly disappearing with the deposited funds. They also reportedly falsify Know Your Customer (KYC) documents and employ low-tier audit firms to feign legitimacy. This has allowed them to launch scams across various platforms including Base, Solana, Scroll, Optimism, Arbitrum, Ethereum, and Avalanche.

In response to the exposure of their activities, Leaper Finance and Glori Finance have deactivated their accounts on social media platform X, and their websites have gone dark. Interestingly, after the revelations, the group brazenly responded to ZachXBT, referencing the infamous North Korean hacker group Lazarus, and even announced a 'token launch' which seems to be another attempt to lure victims.

The blockchain community is urged to remain vigilant, especially when dealing with new projects on platforms like Blast. Verifying project credentials, scrutinizing audit reports, and understanding the flow of fund transactions are crucial steps to protect investments. Additionally, the community is encouraged to share information and support one another in identifying suspicious activities to prevent more losses.

This latest scam warning comes in the wake of other major security breaches in the blockchain sector, including a $62 million exploit of the NFT game Munchables on Blast, and the extraction of almost $400 million in Ether from the Ethereum layer-2 network Blast, coinciding with the launch of its mainnet.

What is a Rug Pull?

A crypto rug pull is an exit scam where developers raise funds by selling a token, only to abandon the project and disappear with the collected funds, basically rendering the tokens worthless. These scams are often elaborately planned, using social media influencers and promotional campaigns to attract as many investors as possible. Some rug pulls involve the endorsement of well-known figures in the community to appear credible, while others lure investors with promises of high returns or exclusive digital assets, like NFTs.

Rug pulls typically exploit the price manipulation of a token. Fraudsters drive up the token's value through hype and strategic buying, creating a price peak that attracts more buyers. At the height of the token's value, the scammers sell off their holdings en masse, making a profit and causing the token's value to crash, which results in huge losses for other investors.

These scams are prevalent on decentralized trading platforms (DEXes), where the anonymity provided facilitates fraudulent activities without easy traceability. Rug pulls can be categorized into hard and soft types. Hard rug pulls happen abruptly, causing investors to lose their funds quickly. In contrast, soft rug pulls are gradual, with the developers maintaining a facade of activity to lull investors into a false sense of security before ultimately closing down. Other common types include liquidity pulls, where scammers withdraw all liquidity from a token pool, drastically reducing its value; fake projects that vanish after fundraising; and pump-and-dump schemes that involve inflating a token’s price before selling off.

Three-Year Sentence for Computer Security Engineer

Meanwhile, Shakeeb Ahmed, a computer security engineer, was sentenced to three years in prison by the Southern District of New York Court for orchestrating flash loan attacks on the decentralized Crypto Exchange and Nirvana exchanges in 2022. This case was the first conviction for hacking a smart contract, according to U.S. Attorney Damian Williams. After his prison term, Ahmed will undergo three years of supervised release.

In addition to his prison sentence, Ahmed was ordered to forfeit $12.3 million and pay $5 million in restitution to the affected exchanges. During the incidents, Ahmed exploited vulnerabilities in the exchanges' smart contracts to siphon funds. He later offered to return the stolen funds to Crypto Exchange, minus $1.5 million, if they did not contact law enforcement. However, negotiations with Nirvana broke down after he demanded $1.4 million of the $3.6 million he hacked, which was way more than the $600,000 Nirvana offered.

The fallout from the hacks was severe, with Nirvana's NIRV stablecoin losing its peg to the U.S. dollar and its native ANA coin plummeting by 85%, leading to the closure of the exchange. Ahmed engaged in sophisticated laundering techniques, including using token-swap transactions, bridging assets between blockchain networks, converting funds to the privacy-focused cryptocurrency Monero, and using overseas exchanges and cryptocurrency mixers like Samourai Whirlpool to obscure the origins of the stolen funds.

At the time of the attacks, Ahmed was employed as a senior security engineer for an international technology company and served as the technical lead for Amazon's bug bounty program. Despite his professional achievements, his criminal activities led to his arrest in New York in July, where he was charged with wire fraud and money laundering. Ahmed eventually pleaded guilty to a single count of computer fraud in December.

After his conviction, Ahmed was released on bail and now works for a mental health care startup. Reflecting on his actions during his trial, he mentioned that his exposure to vulnerabilities in his professional capacity led him to exploit them and that he has since sought therapy to address his behavior.

IRS Prepares for Rise in Crypto Tax Evasion Cases

Average crypto holders could also start dealing with the law soon. The United States Internal Revenue Service (IRS) is bracing for an expected surge in cryptocurrency-related tax evasion cases, according to IRS criminal investigation chief Guy Ficco. Speaking at the Chainalysis Links event in New York, Ficco pointed out the growing prevalence of crypto in financial crimes, noting a big shift towards offenses directly involving tax evasion with cryptocurrencies.

The IRS is set to increase its scrutiny of "Title 26 crypto cases," which involve citizens who deliberately evade taxes by misrepresenting their income or concealing information on their tax documents. These cases are anticipated to rise as more people engage in crypto transactions without properly reporting gains. For instance, Ficco explained that some people fail to report income from the sale of cryptocurrencies or attempt to hide the true basis of their crypto assets to reduce taxable gains.

To combat these challenges, the IRS partnered with blockchain analytics firm Chainalysis and other law enforcement bodies to enhance their ability to trace and analyze cryptocurrency transactions. This collaboration will boost the IRS's capability to track the movement of money in the crypto space, which is often complex due to the digital nature of the assets and the anonymity features that some platforms offer.

Furthermore, Ficco offered guidance for taxpayers, emphasizing the importance of reporting the accurate basis and disposition of assets. He clarified that if a person purchases an asset for $10,000 and sells it for $20,000, they are responsible for paying taxes on the $10,000 gain.

The IRS's renewed focus on cryptocurrency tax compliance is also seen in a recent case on Feb. 6, where a Texas man, Frank Richard Ahlgren III, was indicted by a federal grand jury. Ahlgren was charged with filing false tax returns and failing to report more than $4 million in gains from Bitcoin transactions. This case is part of a broader effort by the IRS to crack down on tax evasion and ensure proper reporting and payment of taxes on cryptocurrency transactions. As the Apr. 15 tax filing deadline approaches, the agency is sending a very clear message to U.S. citizens about the importance of compliance to avoid legal repercussions.