Crypto Security Report: September 2024

Featuring the $243 million Bitcoin heist undone by the scammers' own hubris, an FBI warning that North Korean hackers are eyeing crypto ETFs, the FBI's seizure of fake crypto-recovery sites, and a 47-year sentence for violent Bitcoin home invasions.

8 minutes
Crypto Security Report: September 2024

Each month, MetaMask Security Director Luker reports on the latest crypto attacks and emerging risks that you need to know about.

September 2024's biggest headline was the story of a $243 million attempted Bitcoin heist, one of the year's largest single-victim thefts, that unraveled thanks to the scammers' own hubris. Elsewhere, the FBI seized a network of fake crypto-recovery sites. And, a violent Bitcoin home-invasion crew was handed a 47-year prison sentence.

In MetaMask Security news, we celebrated a year of Snaps with a deep dive on signature-insight security from Kleros. We also ran a threat-intelligence-heavy State of Security with Wallet Guard. Last but not least, MetaMask’s own Taylor Monahan shared her take on the FBI's recent warning about North Korean hackers eyeing crypto ETFs. The full breakdown is below, but first...

Puerto Rican physician Dr. Helen Rodríguez Trías (1929–2001) was the first Latina president of the American Public Health Association. She championed healthcare rights for women and children, fought against sterilization abuse, and cared for HIV and AIDS patients in the 1980s when few would. Her life's work—protecting the people most at risk and making safety a right rather than a privilege—is a fitting model for anyone who works in security.

Kleros and MetaMask Snaps mark a year of signature insights

MetaMask Snaps launched 1 year ago, letting users extend wallet functionality with customizable add-ons. Security Snaps have been a key focus of this initiative.  To mark the occasion, MetaMask’s Christian Montoya sat down with Guangmian Kung from crypto dispute resolution company Kleros to talk about signature protection. As Montoya explained, "by allowing developers to build security features for signatures, we're able to leverage the power of the community to safely decode and help protect users from malicious signatures with enhanced protections." He also discussed how MetaMask and Consensys are helping up-and-coming third-party developers build sustainable businesses through Snaps, teased that human-readable name resolution is launching soon, and looked ahead to the next phase of permissionless snaps. The Kleros Scout is a security-focused Snap that pulls contract metadata from Kleros's decentralized token curated registries to provide insights about the contract a user is about to interact with. 

Crypto job scams and how to stay safe in web3

Whether you’re hiring or looking to be hired, there's been a spike in work-related grifts during 2024. Scammers are creating fake job offers to trick individuals into sharing sensitive information, or installing malware as a means to separate them from their crypto assets. Threat actors have also been weaseling their way into blockchain-related companies to wreak havoc through the back door.

MetaMask Support's staying safe in web3 article offers tips on how to identify and avoid these fraudulent schemes, including verifying the legitimacy of job postings and safeguarding businesses. 

State of Security: MetaMask and Wallet Guard talk threat intelligence

In case you missed it: MetaMask security researchers Miles Nolan and Jackson Brietzke joined regular Wallet Guard hosts Ohm Shah and Michael Khekoian for a threat-intelligence-heavy installment of the regular State of Security. Marking the first installment since Wallet Guard joined the Consensys family, as always we share  plenty of tips for staying safe as you navigate the crypto ecosystem. 

FBI issues warning about North Korean hackers targeting crypto ETFs

As reported by DLNews, the FBI has warned that North Korean hackers are targeting companies involved with cryptocurrency exchange-traded funds (ETFs), such as those dealing with Bitcoin and Ethereum. These hackers, particularly the Lazarus Group, are known for using sophisticated cyber attacks and social engineering tactics to steal funds.

With ETFs growing in popularity and attracting significant investment, the FBI's warning urges companies to strengthen internal security and prepare for potential attacks.

Speaking with DLNews, MetaMask Security's Taylor Monahan shared, “If I were an ETF issuer (or even working at a company adjacent or brand affiliated with ETFs), I would definitely be reviewing my internal controls right now." She also theorized that the federal PSA may be an effort to “frontrun a hack.” 

Scammers orchestrate a $243 million Bitcoin heist

What happened

Federal agents arrested 2 people for orchestrating a $243 million Bitcoin theft from a Washington, DC resident believed to be a Genesis creditor. The duo, working under online aliases, were accused of accessing and laundering more than 4,100 Bitcoin since August 2024—then spending lavishly on international trips, luxury goods, and high-end rentals in Los Angeles and Miami. 

As ZachXBT detailed, the "highly sophisticated social engineering attack" involved impersonating support staff from Google and the Gemini exchange to trick the victim into compromising their Bitcoin keys, with the funds then dispersed across exchanges in a tangle of Bitcoin, Litecoin, Ethereum, and Monero. The twist: leaked videos of the attack in progress ended up exposing the attackers' own identities and the details of their laundering operation. How users can stay safe

To protect yourself, enable two-factor authentication (2FA) for an added layer of security on all sensitive accounts and be wary of any requests to reset or disable it, especially from unsolicited calls or messages. Always verify the identity of support personnel by contacting the company directly through official channels. And, be cautious of sharing personal information or allowing remote access to your devices. 

The FBI seizes fake cryptocurrency recovery websites

What happened The FBI San Diego Field Office has recently taken action against a new scam targeting victims of cryptocurrency fraud by seizing the websites of 3 so-called cryptocurrency recovery services: MyChargeBack, Payback LTD, and Claim Justice. These services falsely advertised their ability to trace and recover lost cryptocurrency funds, often demanding substantial upfront fees and additional commissions without delivering on their promises. Utilizing social media and fake reviews, the fraudulent companies have exploited victims' hopes of reclaiming their lost assets, further entrenching them in financial loss. 

How users can stay safe

Exercise caution and conduct thorough research on any cryptocurrency recovery service. Be skeptical of services that require upfront payments, or boast unrealistic success rates without verifiable track records. Always verify the authenticity of individuals claiming to offer recovery services, especially if they allege connections to legal or financial institutions. If approached by someone promising to recover stolen cryptocurrency, refrain from sharing personal or financial information and avoid making any payments.

Victims of such schemes are encouraged to report their experiences to ic3.gov to help combat these fraudulent activities. 

Violent Bitcoin home invasions lead to a 47-year prison sentence

What happened

Remy St Felix, a 24-year-old from Florida, was sentenced to 47 years in prison for leading a criminal group in a series of violent home invasions targeting cryptocurrency owners. The group, consisting of 13 co-conspirators, stole $3.5 million in Bitcoin and other digital assets through brute force, SIM-swapping attacks, and holding victims at gunpoint in Florida. St Felix was convicted on multiple counts, including conspiracy, kidnapping, and wire fraud, and was ordered to pay $524,000 in restitution. Their criminal activities spanned across the United States, from Texas to New York, between September 2022 and July 2023. The crew also engaged in laundering the stolen funds using decentralized finance tools. A co-conspirator, Jarod Gabriel Seemungal, received a 20-year sentence and was ordered to pay $4 million in restitution. The FBI, along with other law enforcement agencies, played a crucial role in bringing the perpetrators to justice.

How users can protect themselves 

Individuals should enhance their digital security practices. This includes using strong, unique passwords for all accounts, enabling two-factor authentication, and being cautious of sharing personal information online. Additionally, consider using non-custodial wallets to store significant amounts of cryptocurrencies, as they are less vulnerable to online hacking attempts like SIM-swapping. This incident is a reminder that cryptocurrency holders, like those with traditional fiat, may face physical security threats. 

Immunefi's Mitchell Amador on the real impact of onchain hacks

Mitchell Amador of Immunefi discussed the challenges and opportunities in blockchain security and bug bounties, highlighting the growing need for more skilled people to tackle security issues and arguing that trust is central to better security outcomes. He also shared some forward-looking ideas, suggesting that in the future, new systems might emerge to replace the old ones, similarly to how tech is shaking up traditional finance.

Common vulnerabilities with liquid restaking protocols 

Sigma Prime security researcher Elmedin Burnik outlined potential risks in liquid restaking protocols, like reentrancy attacks, denial-of-service issues, and reward distribution bugs. He broke down how these work in systems like EigenLayer, using real-world examples from security reviews. With this knowledge share, Elmedin hopes to help developers and researchers understand and fix these problems to improve blockchain security. 


MetaMask's September 2024 Crypto Security Report covered the $243 million Bitcoin heist undone by the scammers' own hubris, Taylor Monahan's take on the FBI's warning that North Korean hackers are eyeing crypto ETFs, and a 47-year prison sentence for a violent Bitcoin home-invasion crew. Browse previous editions of the MetaMask Crypto Security Report for more threats, trends, and tips for staying safe across the ecosystem.

  • Luker
    Luker

      Jen Luker, known by most as just Luker, is the Director of Product Security at Consensys, where she leads the frontline defenders who protect millions of users from vulnerabilities, emerging threats, and malicious actors across decentralized tech. An active participant in the Ethereum ecosystem since 2017, she has held key roles including Editor at ETHNews and Project Manager at MyCrypto. Luker is a regular speaker at industry conferences, the author of MetaMask's monthly Crypto Security Report, and an official ETH Security Badge holder as designated by The DAO. She's also a passionate advocate for continuous education and security awareness as essential pillars for the future of Ethereum and blockchain technology.

      Read all articles