SEC nearly doubles cryptocurrency cop roles in special cyber unit

Policing digital assets sounds more Mission Impossible than NCIS


The US Securities and Exchange Commission intends to fill an additional 20 positions in a special unit that polices cryptocurrency fraud and other cybercrimes.

This brings the newly renamed Crypto Assets and Cyber Unit's total to 50 roles as the SEC hopes to crack down on miscreants trying to profit from growing interest in digital assets and marketplaces.

"As more investors access the crypto markets, it is increasingly important to dedicate more resources to protecting them," SEC Chair Gary Gensler said in a canned statement. "By nearly doubling the size of this key unit, the SEC will be better equipped to police wrongdoing in the crypto markets while continuing to identify disclosure and controls issues with respect to cybersecurity."

The SEC formed the division, formerly known as the Cyber Unit, in 2017. Its 80 crypto-coin-related enforcement actions since then have resulted in about $2 billion in monetary relief for investors, according to the agency.

The expanded crypto-crimes unit will investigate securities law violations related to digital asset offerings and exchanges, lending and staking products, decentralized finance (DeFi) platforms, non-fungible tokens (NFTs), and stablecoins. 

The positions to be filled will include supervisors, investigators, trial lawyers, and fraud analysts in the SEC's Washington, DC headquarters and regional offices, we're told.

The crypto-cop boost comes as cybercriminals prey on these online platforms and exchanges, highlighting the growing security concerns around cryptocurrency technologies.

In April, Beanstalk Farms, a DeFi platform, lost all of its $180 million collateral over a weekend in a massive flash-loan heist. 

Flash-loan attacks are just one way for crooks to illegally profit from blockchain technologies. These loans are awarded and paid back in a single blockchain transaction – it can take just seconds to get the money and return it.

"Unlike a regular loan, you don't need any collateral, or to even go through the identification process," Check Point security researchers explained. "Hackers like to use the flash loan, since they don't even have to risk their own capital, and the wallets don't get traced back to them, since they are using someone else's funds."

Also in April, criminals exploited a now-fixed design flaw in the Rarible marketplace to steal an NFT from Taiwanese singer and actor Jay Chou. The miscreants then sold it for about $500,000.

That same month crooks stole NFTs said to be worth about $3 million after breaking into the Bored Ape Yacht Club's Instagram account and posting a link to a copycat website that sought to harvest marks' assets. 

In March, following Bored Ape Yacht Club's ApeCoin cryptocurrency debut, crooks stole about $1.5 million after claiming a large number of tokens using NFTs that they did not initially own and pulling off fraudulent flash loans. ®


Other stories you might like

  • Will this be one of the world's first RISC-V laptops?
    A sneak peek at a notebook that could be revealed this year

    Pic As Apple and Qualcomm push for more Arm adoption in the notebook space, we have come across a photo of what could become one of the world's first laptops to use the open-source RISC-V instruction set architecture.

    In an interview with The Register, Calista Redmond, CEO of RISC-V International, signaled we will see a RISC-V laptop revealed sometime this year as the ISA's governing body works to garner more financial and development support from large companies.

    It turns out Philipp Tomsich, chair of RISC-V International's software committee, dangled a photo of what could likely be the laptop in question earlier this month in front of RISC-V Week attendees in Paris.

    Continue reading
  • Did ID.me hoodwink Americans with IRS facial-recognition tech, senators ask
    Biz tells us: Won't someone please think of the ... fraud we've stopped

    Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam.

    ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax records in the future. After a public backlash, the IRS reconsidered its plans, and said taxpayers could choose non-biometric methods to verify their identity with the agency online.

    Just before the IRS controversy, ID.me said it uses one-to-one face comparisons. "Our one-to-one face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use one-to-many facial recognition, which is more complex and problematic. Further, privacy is core to our mission and we do not sell the personal information of our users," it said in January.

    Continue reading
  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading

Biting the hand that feeds IT © 1998–2022