Cryptohack Roundup: $45 Million Fraud Operation Disrupted

Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime Cryptohack Roundup: $45 Million Fraud Operation Disrupted Also: ZachXBT Uncovers DPRK Worker Scam, Hyperbridge Hack, Coinone Fine Rashmi Ramesh (rashmiramesh_) • April 16, 2026     Share Post Share Credit Eligible Get Permission Image: Peshkova/Shutterstock Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, crackdown on a $45M phishing fraud, ZachXBT uncovers DPRK crypto worker scam, Hyperbridge exploit, South Korea fines Coinone $3.5M, Kraken faces extortion attempt over insider data leak and an American musician loses $420K in fake Ledger app. See Also: OnDemand | NSM-8 Deadline July 2022:Keys for Quantum-Resistant Algorithms Implementation Crackdown on $45M Crypto Phishing Fraud An international crackdown led by the U.S. Secret Service disrupted over $45 million in cryptocurrency fraud and froze $12 million in stolen funds. The week-long effort, called Operation Atlantic, involved agencies from the United States, the United Kingdom and Canada targeting approval phishing scams that trick users into granting access to crypto wallets. Investigators identified more than 20,000 compromised wallet addresses across more than 30 countries and contacted over 3,000 at-risk victims. Authorities also shut down 120 scam domains and flagged another $33 million in suspected fraud still under investigation. ZachXBT Uncovers North Korean Crypto Worker Scam Blockchain investigator ZachXBT said he has identified a North Korea-linked IT worker network generating about $1 million monthly through fraudulent jobs and crypto payments. His findings draw on data from 390 accounts, including chat logs, wallet activity and identity records. The operation uses fake identities, forged documents and a centralized payment system resembling a messaging platform. Workers report earnings through the system, while administrators direct payments that flow through cryptocurrency before conversion to fiat currency through Chinese bank accounts or services like Payoneer. ZachXBT linked several wallets to known North Korean activity clusters, saying that one Tron address frozen by Tether. The data also reveals VPN use, fake job applications and internal coordination among dozens of workers. Hyperbridge Exploit Mints Fake Tokens Hackers exploited a vulnerability in the Hyperbridge gateway contract to mint 1 billion unauthorized bridged DOT tokens on Ethereum, said blockchain security firm CertiK. The flaw allowed attackers to forge messages, seize administrative control and issue the tokens before quickly selling them for about $237,000. Analysis from Onchain Lens shows the attacker redirected control to a malicious contract, then dumped the tokens, causing the price of bridged DOT to collapse from $1.22 to near zero. Polkadot said the exploit only affected DOT bridged via Hyperbridge on Ethereum, not native DOT or other bridges. The protocol has since halted Hyperbridge while investigating. South Korea Fines Coinone $3.5M, Orders Partial Suspension South Korea's Financial Intelligence Unit fined Coinone 5.2 billion won - $3.5 million- and imposed a three-month partial suspension over anti-money laundering failures, reported Yonhap News Agency. The penalty, effective April 29 to July 28, restricts new customers from depositing or withdrawing funds, though existing users can continue trading. The regulator found Coinone failed to verify identities in roughly 70,000 cases and processed about 10,000 transactions with 16 unregistered overseas exchanges. It also identified tens of thousands of due diligence lapses, including incomplete or inconsistent user information and accounts that bypassed required verification. Coinone CEO will receive an official reprimand, and the firm has 10 days to respond before penalties are finalized. The exchange said it is reviewing the findings and taking corrective action. Kraken Faces Extortion Attempt Over Insider Data Leak Cryptocurrency exchange Kraken is dealing with an ongoing extortion attempt after attackers obtained videos of support staff accessing internal systems, said Chief Security Officer Nick Percoco. Digital extortionists are threatening to release the footage unless paid. Percoco said no systems were breached and customer funds are intact, although about 2,000 accounts may have been viewed. Kraken has refused to negotiate, is working with law enforcement, and has already disrupted one attempt. The footage appears to stem from two insider-related incidents, including a February case where a staff member recorded internal tools. Kraken said it identified and removed those responsible. American Musician Loses $420K in Crypto to Fake Ledger App American musician Garrett Dutton, known as G. Love, lost 5.9 BTC or about $420,000 after entering his seed phrase into a malicious app posing as Ledger's official wallet. He said scammers drained his retirement funds shortly after he downloaded the fake app from the App Store and entered his credentials. Blockchain investigator ZachXBT said that the attacker laundered the stolen bitcoin through KuCoin across multiple transactions.