Swiss and Nepalese regulators have raised red flags about the growing risks of cryptocurrency misuse. In its latest Risk Monitor report, Switzerland’s financial watchdog FINMA identified digital assets, especially stablecoins, as a high-risk area for money laundering. The agency highlighted their role in sanctions evasion, dark web transactions, and cyberattacks. FINMA has tightened oversight of financial institutions offering crypto-related services to safeguard the sector’s reputation.
Meanwhile, Nepal’s Financial Intelligence Unit (FIU) reported a surge in crypto misuse for cross-border money laundering and fraudulent investment schemes. Despite a national ban on crypto trading, fraudsters continue exploiting digital assets to obscure illicit funds. Victims often avoid reporting crimes, fearing legal repercussions or social stigma, hindering enforcement efforts.
Authorities in both countries are calling for robust measures to combat these threats, emphasising the need for heightened vigilance and better reporting mechanisms.
Heather Morgan, also known as Razzlekhan, has been sentenced to 18 months in prison for her role in laundering Bitcoin stolen during the 2016 Bitfinex hack. Her husband, Ilya Lichtenstein, who orchestrated the theft of 119,754 Bitcoin, received a five-year prison term. While Morgan was not involved in the hacking itself, she played a significant part in concealing the stolen funds, now valued at $10b.
The couple’s sentences were reduced due to their cooperation with US authorities in other crypto-related cases. However, US District Judge Colleen Kollar-Kotelly stressed the deliberate nature of Morgan’s actions, highlighting the sophisticated methods she used, such as fake identities and small transfers to evade detection.
Morgan’s request for a ‘time served’ sentence was denied, despite claims of harsh pretrial detention conditions. Following her prison term, she will face 36 months of supervised release and a $200 fine. The case underscores the growing scrutiny on crypto-related crime and the severe penalties for offenders.
Russian security experts have uncovered a new deepfake scam exploiting the image of Donald Trump, targeting English-speaking audiences. FACCT, a Moscow-based cybercrime prevention firm, reported that scammers are using a bot to create deepfake videos of prominent figures like Trump, Elon Musk, and Tucker Carlson. These videos are being shared on platforms such as TikTok and YouTube to promote fraudulent crypto exchanges.
The bot allows users to generate customised videos with text up to 400 characters long, which fraudsters use to advertise fake trading platforms. FACCT identified three primary scams: fake exchanges where victims’ tokens are stolen, malware links that compromise crypto wallets, and bogus tokens that can’t be sold.
This warning follows a rise in crypto-related scams in Russia, including digital ruble frauds. Authorities are urging vigilance as the Russian Central Bank prepares to launch its central bank digital currency nationwide next year.
David Attenborough has criticised American AI firms for cloning his voice to narrate partisan reports. Outlets such as The Intellectualist have used his distinctive voice for topics including US politics and the war in Ukraine.
The broadcaster described these acts as ‘identity theft’ and expressed profound dismay over losing control of his voice after decades of truthful storytelling. Scarlett Johansson has faced a similar issue, with AI mimicking her voice for an online persona called ‘Sky’.
Experts warn that such technology poses risks to reputations and legacies. Dr Jennifer Williams of Southampton University highlighted the troubling implications for Attenborough’s legacy and authenticity in the public eye.
Regulations to prevent voice cloning remain absent, raising concerns about its misuse. The Intellectualist has yet to comment on Attenborough’s allegations.
The National Cyber Security Centre (NCSC) and its international partners have issued an urgent advisory highlighting the growing trend of threat actors exploiting zero-day vulnerabilities, emphasising the importance of proactive security measures.
This joint advisory has been published by NCSC (UK), the US Cybersecurity and Infrastructure Security Agency (CISA), the US Federal Bureau of Investigation (FBI), US National Security Agency (NSA), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NCSC-NZ), and CERT NZ.
The UK NCSC, in collaboration with cybersecurity agencies from the United States, Australia, Canada, New Zealand, and others, identified the top 15 most commonly exploited vulnerabilities of 2023. A majority of these vulnerabilities were initially targeted as zero-days—newly discovered flaws without immediate patches, allowing cybercriminals to strike high-priority targets before fixes were available.
The advisory highlights a notable shift compared to 2022, when fewer than half of the top vulnerabilities were exploited as zero-days. The rise in zero-day attacks has continued into 2024, underlining the evolving tactics of cyber adversaries.
The advisory urges organisations to stay vigilant in their vulnerability management practices, prioritising the timely application of security updates and ensuring that all assets are identified and protected. It also calls on technology vendors and developers to adopt secure-by-design principles to minimise product vulnerabilities from the outset.
T-Mobile‘s network was among those breached in a prolonged cyber-espionage campaign attributed to Chinese intelligence-linked hackers, according to a Wall Street Journal report. The attackers allegedly targeted multiple US and international telecom companies to monitor cellphone communications of high-value intelligence targets. T-Mobile confirmed it was aware of the industry-wide attack but stated there was no significant impact on its systems or evidence of customer data being compromised.
The Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) recently disclosed that China-linked hackers intercepted surveillance data intended for American law enforcement by infiltrating telecom networks. Earlier reports revealed breaches into US broadband providers, including Verizon, AT&T, and Lumen Technologies, where hackers accessed systems used for court-authorised wiretapping.
China has consistently denied allegations of engaging in cyber espionage, rejecting claims by the US and its allies that it orchestrates such operations. The latest revelations highlight persistent vulnerabilities in critical communication networks targeted by state-backed hackers.
Ilya Lichtenstein, a New York tech entrepreneur, was sentenced to five years in prison for laundering stolen cryptocurrency from Bitfinex, one of the world’s largest exchanges. Lichtenstein admitted to hacking Bitfinex in 2016, stealing around 120,000 bitcoin using advanced tools. At the time of the theft, the bitcoin was valued at $71 million but had soared to $4.5 billion by his arrest in 2022.
Lichtenstein and his wife, Heather Morgan, were arrested in February 2022. Morgan, a self-styled rapper known as “Razzlekhan,” also pleaded guilty to conspiracy charges and is set to be sentenced on November 18. US authorities recovered $3.6 billion of the stolen funds in what Deputy Attorney General Lisa Monaco called the largest financial seizure in the Justice Department’s history.
Alongside his prison term, Lichtenstein will serve three years of supervised release, marking a significant milestone in the fight against cryptocurrency-related crimes.
US officials acknowledged concerns but emphasised that ‘this Convention, by its explicit terms, does not permit Parties to misuse the Convention or any part of it to suppress human rights’ and that ‘the US further call on all states to take necessary steps within their domestic legal systems to ensure the Convention will not be applied in a manner inconsistent with human rights obligations, including those relating to speech, political dissent, and sexual identity’.
Jonathan Shrier, a US representative to the UN, emphasised that the US would hold governments accountable for any misuse of the treaty and encouraged signatories to pass laws safeguarding human rights. He also highlighted mechanisms to monitor and address future abuses under the treaty, urging countries to reject data-sharing requests from those violating its human rights protections.
The UK also issued a statement endorsing the treaty but acknowledged that some member states have already resisted its human rights obligations. In the statement, the UK highlighted that it ‘will not cooperate with any country which does not comply with the safeguards required by this Convention’.
DiploFoundation recently organised an expert discussion to discuss directly with some delegations the contents of the UN convention, including the human rights provisions.
South Korean authorities have arrested 215 individuals in connection with the country’s largest cryptocurrency investment scam, which reportedly defrauded investors of 320B won ($228.4M). Among those detained is the alleged leader of the operation, who is accused of selling 28 worthless virtual tokens to approximately 15,000 victims with promises of high returns.
According to police, the group issued six of the tokens on overseas crypto exchanges and manipulated their values through market-making teams. To attract investors, they established consulting companies, recruited sales teams, and targeted viewers of a YouTube channel. Officials revealed that many of the tokens were fraudulent and lacked real value.
This case highlights growing concerns over cryptocurrency-related scams in South Korea and globally, as unregulated digital assets continue to attract both investors and opportunistic criminals. The arrests mark a significant step in addressing financial crimes in the fast-evolving crypto landscape.
Hackers with alleged links to China have stolen sensitive data from US telecommunications firms, targeting information intended for law enforcement agencies. US officials announced the breach on Wednesday, revealing that multiple telecom networks had been compromised. The hackers reportedly accessed call records and communications of individuals in government and political roles, according to a joint statement from the FBI and the Cybersecurity and Infrastructure Security Agency (CISA).
Among the data stolen was information connected to court-ordered surveillance requests made by US law enforcement. The agencies provided limited details about the breach and have yet to disclose the number of companies affected. CISA and the FBI declined to comment further, with additional insights expected as investigations continue.
The incident aligns with earlier reports in the Wall Street Journal, which suggested that Chinese hackers may have infiltrated systems intended for law enforcement to monitor communications. Such claims have led to growing concerns about the security of US telecom infrastructure, particularly given reports of targeted attacks on the phones of high-profile political figures.
The Department of Homeland Security’s Cyber Safety Review Board will investigate the breach, part of an effort to evaluate significant digital security threats. China’s embassy in Washington declined to comment on the latest hacking allegations, which it has previously dismissed as unfounded.
