The FBI has successfully orchestrated a crypto sting operation using a token it created to investigate market manipulation. The NexFundAI Token, launched on the Ethereum blockchain, was part of the operation that led to the indictment of 18 individuals and entities for their involvement in fraudulent activities.
The investigation uncovered a sophisticated scheme involving pump-and-dump operations and wash trading, which artificially inflated token prices. Over $25 million worth of cryptocurrency was seized, and several trading bots responsible for manipulating markets across 60 different tokens were shut down.
This operation, known as “Operation Token Mirrors,” is seen as a warning to crypto investors about the risks of market manipulation. Authorities, including the FBI and SEC, are continuing to investigate those involved in fraudulent crypto schemes.
Fortum, Finland’s largest power utility, is dealing with a wave of cyber threats and security incidents targeting its energy facilities, CEO Markus Rauramo revealed. The utility, which manages hydro, wind, solar, nuclear, and combined heat and power plants, faces daily denial-of-service attacks, disruptions to satellite communications, drone sightings, and suspicious individuals around its sites. Fortum has sought assistance from Finnish authorities to investigate the incidents, which have also impacted its operations in Sweden.
Finnish and Swedish intelligence services have declined to comment on the cyber attacks or identify any potential perpetrators. Fortum’s head of security, Jari Stenius, noted an uptick in the frequency of such incidents but emphasised that their impact on operations has been minimal so far. To strengthen its defences, the company has enforced strict access controls, employed private security, set up backup systems, and conducted regular drills with authorities.
The Finnish National Bureau of Investigation (KRP) confirmed that police are currently conducting several investigations into activities near critical infrastructure sites.
Mexico has become the focal point for cybercrime in Latin America, accounting for over 50% of all reported cyber threats in the region during the first half of 2024, according to a study by cybersecurity firm Fortinet. With 31 billion cybercrime attempts, hackers are taking advantage of Mexico’s strategic ties with the US and booming industries like logistics and manufacturing, which are being targeted for larger ransom payouts.
Fortinet’s report highlighted how cybercriminals are using advanced tools, such as AI, to streamline attacks and focus on specific sectors for maximum impact. The rapid shift of production closer to the US, known as nearshoring, has made Mexico’s electronics and automotive industries prime targets. Despite a slight dip in attack numbers compared to last year, the overall threat level remains significant.
Experts, including Fortinet executives, emphasised the need for Mexico to strengthen its cybersecurity laws. While President Claudia Sheinbaum has pledged to establish a cybersecurity and AI center, there has been no mention of legal measures yet. Cybersecurity professionals warn that urgent action is needed as Mexico’s role in global supply chains continues to grow.
David Kagel, an 86-year-old former California attorney, has been sentenced to five years probation and ordered to pay nearly $14 million after admitting to his role in a crypto Ponzi scheme. Kagel, who is currently in hospice care, pleaded guilty to conspiracy to commit commodity fraud, according to a ruling by Las Vegas Federal Court Judge Gloria Navarro.
Prosecutors revealed that Kagel, along with two accomplices, ran the fraudulent scheme from December 2017 to June 2022, luring investors with promises of high returns through a crypto bot trading programme. Victims were convinced their investments were secure, with claims of guaranteed profits and no risk. Kagel even drafted letters on his law firm’s official letterhead to build trust among investors, falsely claiming to hold significant amounts of Bitcoin in escrow.
Kagel’s law license had been revoked by the California Supreme Court in 2023 after misappropriating client funds, with previous suspensions in 1997 and 2012. His co-conspirators, David Saffron and Vincent Mazzotta, have pleaded not guilty and await trial next year.
Coinbase has warned Gen Z users about the increasing threat of online scams, particularly those targeting cryptocurrency investors. In a recent blog post, the platform highlighted four major risks – social media fraud, romance scams, fake websites, and recovery schemes. The company stressed the importance of personal responsibility when securing crypto assets, as users are their own safeguards in the decentralised crypto world.
Among the scams discussed, fraudsters frequently use social media platforms like Instagram and TikTok to lure victims by impersonating public figures or promoting fake investment opportunities. Romance scams, also known as ‘pig butchering’ scams, were another key threat, with scammers building fake relationships to steal funds from their victims. A recent scam in Vietnam saw victims lose over $700,000 through a fraudulent investment platform.
Coinbase also pointed out the dangers of fake websites that mimic legitimate companies to trick users into providing sensitive information or funds. The platform encourages users to stay vigilant and report suspicious activity to law enforcement or platforms like Coinbase, helping prevent others from falling victim to similar fraud.
Ghana has launched its revised National Cybersecurity Policy and Strategy (NCPS) to tackle the escalating cybersecurity threats arising from its rapid digital transformation. The comprehensive framework is designed to address current cyber risks and anticipate emerging ones, ensuring that Ghana’s digital infrastructure remains resilient and secure over the next five years.
The initiative was officially unveiled during the opening ceremony of the 2024 National Cybersecurity Awareness Month (NCSAM) in Accra, which, notably, saw significant participation from high-ranking officials, including the leadership of the Ghana Armed Forces and key stakeholders in cybersecurity. Moreover, the policy is anchored on five essential pillars – Legal Measures, Technical Measures, Organisational Measures, Capacity Building, and Cooperation.
Why does it matter?
The NCPS addresses the rapid digitalisation occurring across critical sectors such as finance, healthcare, education, and commerce at a pivotal moment for the nation. While these advancements offer substantial socioeconomic benefits, they also expose the nation to significant cyber risks that could jeopardise economic stability and public safety.
Therefore, by implementing the NCPS, Ghana aims to strengthen its defences against these threats, protect its digital achievements and ensure sustainable technological progress. Furthermore, Minister Ursula Owusu-Ekuful emphasised that the policy serves as a vital roadmap for addressing current and future cyber threats. In addition, that underscores the importance of enhancing public-private collaboration to bolster the country’s overall digital resilience.
Marriott International will implement an information security program following a settlement with the US Federal Trade Commission (FTC) over data breaches that impacted more than 344 million customers between 2014 and 2020. The settlement requires Marriott and its subsidiary, Starwood Hotels & Resorts Worldwide, to address the vulnerabilities that led to multiple breaches over several years.
The hotel chain also agreed to provide US customers with a way to request deletion of their personal data linked to their email address or loyalty rewards account. In addition, Marriott will review loyalty rewards accounts upon request and restore stolen points. A separate settlement sees Marriott paying $52 million to resolve similar data security claims across 49 states and the District of Columbia.
Marriott has stated that protecting guests’ personal data remains a top priority and that the company continues to invest heavily in improving its cybersecurity measures. However, Marriott did not admit liability for the breaches in either the FTC settlement or the agreements with state Attorneys General.
In 2020, the company faced a class action lawsuit in London brought by millions of former guests seeking compensation after their personal information was compromised during the breaches, considered one of the largest in history.
Lead US negotiator Ambassador Deborah McCarthy emphasised the risks of the US backing out after leading the treaty’s development, warning of a potential divide at the UN if the US withdraws. She also highlighted the treaty’s role in fostering global cooperation on cybercrime investigations and information-sharing, while acknowledging legitimate concerns from various sectors.
Critics, however, argue that the treaty’s provisions on serious crimes—those carrying sentences of four years or more—could empower authoritarian regimes to abuse surveillance powers and violate human rights. Human Rights Watch’s Deborah Brown expressed concern that the treaty lacks robust safeguards and could be used to suppress protected activities like protests and investigative journalism.
While McCarthy stressed that the treaty could spotlight misuse and encourage global cooperation, US Senate ratification remains uncertain. With privacy advocates like Sen. Ron Wyden opposing the treaty, calling it a potential tool for authoritarian regimes, securing the two-thirds Senate vote required for US participation will be challenging.
In her remarks, McCarthy acknowledged that the treaty is not perfect but called it ‘definitely an advancement.’ The treaty’s provision, which automatically allows for the extradition of cyber criminals ‘without having to negotiate country by country,’ is a win, McCarthy said.
India’s Financial Intelligence Unit is investigating the Indian cryptocurrency exchange WazirX following a significant cyberattack that resulted in the theft of $235 million. The exchange is cooperating with government agencies and has provided authorities with extensive server logs and transaction data related to the incident, which occurred in July. Although no physical assets have been seized, WazirX is actively engaging with regulatory bodies to understand the broader implications of the hack on the unregulated crypto sector.
In a bid to enhance transparency, WazirX plans to publicly disclose wallet addresses through court affidavits and has committed to addressing user concerns. The exchange aims to establish a 10-member committee of creditors by 9 October to assist in its restructuring efforts, to return 52-55% of the remaining crypto assets to affected clients within six months.
Additionally, WazirX’s parent company, Zettai, is in discussions with 11 potential partners to explore capital injections and profit-sharing strategies that could aid in user recoveries. Following the hack, WazirX has sought a Scheme of Arrangement in Singapore under local insolvency laws. An independent audit revealed no evidence of wrongdoing by its custodian partner, Liminal Custody.
American Water, a major US utility, has disconnected parts of its computer network following a cybersecurity incident. The company, which serves over 14 million people, paused billing and customer service as a precaution.
The utility detected unauthorised activity on its systems on 3rd October, prompting the immediate disconnection of several systems. This step was taken to safeguard customer data and prevent potential damage to the environment.
Based in New Jersey, American Water has not yet provided further details about the nature of the breach. However, the US has faced numerous cyberattacks in recent years, often from criminals seeking cryptocurrency ransoms.
