Wallets of darknet marketplace Nemesis hit by US sanctions

The US Treasury Department’s Office of Foreign Assets Control (OFAC) has added 44 Bitcoin and five Monero addresses associated with the now-closed darknet marketplace Nemesis Market to its Specially Designated Nationals (SDN) list.

According to the press release, the addresses were controlled by Iranian national Behrouz Parsarad, the platform’s alleged administrator.

On March 20, 2024, Germany’s Federal Criminal Police Office (BKA) seized Nemesis Market infrastructure in Germany and Lithuania, disrupting its operations. In the process, police confiscated digital assets worth €94,000.

The investigation began in October 2022.

The platform, created in 2021, sold drugs, stolen data and credit cards, as well as cybercriminal services, including ransomware, phishing, and DDoS.

Before the shutdown, Nemesis had an active user base of 30,000 accounts, which carried out roughly $30 million in drug transactions.

Parsarad received millions of dollars in commissions from the transactions and facilitated the laundering of digital assets, according to OFAC.

The administrator remains at large. According to the agency, Parsarad may have “discussed the creation of a new darknet market” with former suppliers.

Recall that in April 2022, German police confiscated the servers of the darknet marketplace Hydra and seized 543 BTC, and the US Treasury imposed sanctions on the platform.

That same month, an American court indicted Russian Dmitry Pavlov in absentia for administering Hydra, providing it with hosting services, conspiring to launder money, and distributing drugs. At the same time, the Meshchansky District Court of Moscow arrested Pavlov on another charge.

In December 2024, the Moscow Regional Court sentenced Hydra founder Stanislav Moiseev to life imprisonment and a fine of 4 million rubles.

The Billion-Dollar Heist: How Bybit Survived the Largest Crypto Hack in History

On February 21, the cryptocurrency world was shaken when Bybit, one of the largest Bitcoin exchanges, fell victim to a staggering $1.5 billion hack – marking it as the biggest cyber heist in crypto history. Despite the massive breach, the platform continued operating, thanks in part to swift crisis management and the backing of industry heavyweights.

How the Hack Unfolded

On February 21, on-chain investigator ZachXBT reported suspicious ETH outflows from Bybit totaling 499,395 ETH (about $1.46 billion at the time). Bybit CEO Ben Zhou confirmed the hack, and the company almost immediately published a statement saying the incident occurred during a transfer of ETH from its cold multisig storage to a hot wallet.

The attackers tampered with the transaction signing interface so that every signer in the procedure saw the correct destination address, while the transaction actually being signed changed the logic of the wallet’s smart contract. Having gained control of the ETH wallet, the hackers withdrew all of its funds.

Zhou hastened to reassure clients and emphasized that the platform remains solvent and continues to process withdrawal requests, albeit with a delay: within about 10 hours after the hack, the exchange recorded a record number of withdrawal requests – more than 350,000. At that time, about 2,100 requests remained pending, while 99.994% of transactions were completed.

Even so, Zhou asked partners for a loan in ETH to cover liquidity during the crisis period. More than 10 companies ended up supporting the exchange.

Huobi co-founder Du Jun contributed 10,000 ETH and promised not to withdraw it for a month. The co-founders of Conflux and Mask Network also announced deposits of Ether to the exchange’s cold wallets. Coinbase Head of Product Conor Grogan wrote that Binance and Bitget sent more than 50,000 ETH there as well.

According to reporter Colin Wu, 12,652 stETH (around $33.75 million) were transferred from MEXC to Bybit’s cold wallet.

The ETH price responded to the Bybit hack by falling to $2,625 (Binance), but recovered fairly quickly. By the evening of February 23, the quotes momentarily exceeded $2,850, after which they corrected to $2,690 (as of February 24).

Bybit representatives said that information about the incident has been “reported to the relevant authorities.” In addition, cooperation with on-chain analytics providers has allowed them to identify and isolate the associated addresses, limiting the attackers’ ability to “withdraw ETH through legitimate markets.”

As of February 24, Bybit has fully restored its Ethereum reserves (~444,870 ETH).

Who Was Behind the Attack?

According to ZachXBT, unknown individuals quickly exchanged some of the stolen mETH and stETH tokens for ETH via decentralized exchanges. 10,000 ETH were divided between 36 wallets.

The founder of DeFi Llama, 0xngmi, noted that the methods in this attack are similar to the incident with the Indian exchange WazirX in July 2024. At that time, Elliptic analysts concluded that North Korean hackers were behind the attack.

0xngmi’s assumption was confirmed by Arkham Intelligence. According to the firm, on the day of the Bybit hack, investigator ZachXBT “provided irrefutable evidence of Lazarus Group’s involvement in the hack”:

“His analysis contains a detailed analysis of test transactions and associated wallets used before the attack, as well as a number of graphs and timestamps. This data has been transferred to the exchange team to assist with the investigation.”

The founder of the AML service BitOK and crypto investor Dmitry Machikhin noted that the stolen cryptocurrency is actively being withdrawn from the Ethereum network to other blockchains. According to his observations, immediately after the hack, the assets were distributed to 48 different addresses.

At the second stage:

  • crypto assets from these addresses were gradually split into even smaller parts (50 ETH each);
  • funds were sent through bridges (eXch and Chainflip) to other networks.

[Image: one of the 48 addresses splitting its balance into 50 ETH transfers and sending them to Chainflip]

According to Taproot Wizards co-founder Eric Wall, the North Korean hackers are likely to convert all ERC-20 tokens to ETH, then exchange the resulting ETH for BTC, and then gradually transfer the bitcoins to yuan through Asian exchanges. In his opinion, the process could take years.

ZachXBT reported that Lazarus transferred 5,000 ETH to a new address and began laundering the funds through the centralized mixer eXch, then converted them to bitcoin through Chainflip. Chainflip said it had recorded attempts by the attackers to withdraw the funds stolen from Bybit as bitcoin through its platform. It disabled some front-end services, but it is impossible to stop the protocol completely, given its decentralized structure of 150 nodes.

The mETH Protocol team reported that they blocked the withdrawal of 15,000 cmETH (~$43.5 million) and redirected the assets from the attacker’s address to a recovery account. Tether CEO Paolo Ardoino said that the company froze 181,000 USDT related to the attack.

In a comment to ForkLog, Bitget CEO Gracie Chen emphasized that “the exchange’s systems have already blacklisted the attackers’ wallets.”

As of February 23, the attackers had exchanged 37,900 ETH (about $106 million) for bitcoin and other assets through Chainflip, THORChain, LiFi, DLN, and eXch. The hackers’ address still had 461,491 ETH of the 499,395 ETH stolen.

What to do?

After the hack, some community members started talking about rolling back the state of the Ethereum network to return the stolen funds. For example, former BitMEX CEO Arthur Hayes said that, as an investor with large ETH holdings, he would support a community decision to roll the chain back to an earlier state, as was done after the hack of The DAO in 2016.

Bitcoin maximalist Samson Mow also spoke out in support of restoring the blockchain, but leading Ethereum developer Tim Beiko criticized the idea. In his view, the Bybit incident stemmed from transaction data being misrepresented in a compromised interface, not from a technical fault in the network.

In addition, after the hack, the funds quickly spread across the complex ecosystem of the second-largest cryptocurrency by capitalization. “Rolling back” the network would mean canceling many legitimate transactions, some of which are related to actions outside the Ethereum network. The Vice President of Yuga Labs, nicknamed Quit, also drew attention to this. He added that many ordinary users would lose money, and the accounting systems of large players like Circle and Tether would collapse.

What’s the bottom line

The Bybit hack turned out to be the largest in the crypto industry so far. However, the head of Bitget did not find any reason to panic: according to her, the losses are equivalent to Bybit’s annual profit ($1.5 billion), and clients’ funds are completely safe.

The incident did not affect market sentiment either. According to Glassnode, Bitcoin’s implied volatility is close to record lows. Price fluctuations against the backdrop of the hack subsided after Strategy founder Michael Saylor published a chart of the company’s coin purchases.

This time, there was no platform crash or market panic, and a quick response and community participation helped restore liquidity and partially block the stolen assets. However, the incident highlighted a persistent problem – even large centralized platforms are still susceptible to attacks and vulnerable to hackers.

The Application of AI towards Real Time Fraud Detection on Digital Payments

The growth of the internet, coupled with advanced digital communication systems, has greatly transformed the global economy, especially commerce. Fraud attempts, meanwhile, have become more diverse and sophisticated over time, costing businesses and financial institutions millions of dollars each year. Fraud detection has evolved in step, from unsophisticated manual processes to automated rule-based methods and now to intelligent systems. Today, artificial intelligence (AI) assists in both controlling and combating fraud, helping to advance the financial technology (fintech) sector. In this article, we explain the mechanics of AI in digital payments fraud detection, focusing on the technical aspects, a real case, and practical observations for mid-level AI engineers, product managers, and other fintech professionals.

The Increased Importance of Identifying Fraud In Real-Time

The volume and complexity of digital payments, which include credit card transactions, P2P app payments, A2A payments, and others, continue to rise. Juniper Research estimates that the cost of online payment fraud will climb beyond $362 billion globally between 2023 and 2028. Automated and social engineering attacks exploit weaknesses such as stolen credentials and synthetic identities, often striking within moments. Outdated fraud detection methods that depend on static rules (‘flag transactions over $10,000’) are ineffective against these fast-paced threats: review systems are overloaded and frustrated customers worsen the problem, all while undetected fraud continues to sail through.

AI changes this. With machine learning, deep learning, and real-time data processing, AI can evaluate large amounts of data, recognize patterns, adapt to changes, and detect anomalies, all in a matter of milliseconds. For fintech professionals, this shift is both an opportunity and a challenge: build systems that are accurate, fast, and scalable while reducing customer friction.

How AI-Fueled Real-Time Fraud Detection Works

AI-enhanced fraud detection is supported by three tiers: data, algorithms, and real-time execution. Let’s simplify this concept for a mid-level AI engineering or product management team. 

The Underlying Information: Any front-line fraud detection system must couple each payment transaction, generated in real time, with rich, high-quality data. This means diverse data, including transaction histories, user behavior profiles, device fingerprints, IP geolocation, and external sources such as chatter from the dark web. For instance, a transaction attempted from a new device in a foreign country can be flagged as suspicious when combined with the user’s baseline spending pattern. AI systems pull this data through streaming services such as Apache Kafka, or cloud-native solutions like AWS Kinesis, which offer low latency. Data engineers must be willing to collect clean, well-structured datasets, because the system performs poorly when the data it is given lacks granularity. This is a lesson I have learned many times over the past twenty years.

Algorithms: Advanced machine learning models are the backbone of AI fraud detection. Supervised models work with labeled datasets (e.g. “fraud” vs. “legitimate”) and are proficient at recognizing established fraud patterns. Random Forests and Gradient Boosting Machines (GBMs) are among the most popular, thanks to their accuracy and interpretability. Unfortunately, fraud evolves much faster than data can be labeled, and this is where unsupervised learning comes in. Clustering algorithms such as DBSCAN, or autoencoders, do not need prior examples and can pull unusual transactions out for review. For example, even in the absence of historical fraud signatures, a sudden spike in small, rapid transfers can be flagged because it might indicate money laundering. Detection is further improved by deep learning models such as recurrent neural networks (RNNs), which examine time-series data (e.g. transaction timestamps) for hidden patterns and relationships.

Execution In Real-Time: Time is of the essence in digital payments. The payment system must decide whether to approve, decline, or escalate a transaction in less than 100 milliseconds. This is achievable only with distributed computing frameworks such as Apache Spark for batch processing and Apache Flink for real-time stream processing. Inference is scaled on GPU-accelerated hardware (NVIDIA CUDA, for example) to millions of transactions per second, so a load of over a thousand transactions every second is handled with ease. Product managers should remember that latency trade-offs grow as model complexity increases; a simpler logistic regression may be suitable for low-risk scenarios, while high-precision cases call for complex neural networks.
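As an added illustration (not code from the article or from any real payment system), the following Python sketch walks a single transaction through the three tiers just described: a baseline profile built from the user's history, a feature scorer standing in for a trained model, and a latency-bounded approve/decline/escalate decision. All names, weights, thresholds and sample transactions are assumptions constructed for the example.

```python
"""Added example: a minimal real-time fraud scorer following the three tiers
above: baseline profile (data), weighted features standing in for a trained
model (algorithm), latency-bounded decision (execution). Names and data are
constructed for illustration, not taken from any real system."""
from dataclasses import dataclass
from statistics import mean, pstdev
import time

@dataclass
class Txn:
    amount: float
    device: str
    country: str
    ts: float  # unix seconds

def build_profile(history):
    """Data tier: fold a user's approved transactions into a baseline."""
    return {"amounts": [t.amount for t in history],
            "devices": {t.device for t in history},
            "countries": {t.country for t in history},
            "last_ts": max(t.ts for t in history)}

def features(txn, p):
    """Deviation from the spend baseline plus novelty and velocity signals."""
    sd = pstdev(p["amounts"]) or 1.0           # flat history: avoid divide-by-zero
    z = (txn.amount - mean(p["amounts"])) / sd
    return {"amount_z": min(max(z, 0.0), 5.0) / 5.0,   # clipped to [0, 1]
            "new_device": txn.device not in p["devices"],
            "new_country": txn.country not in p["countries"],
            "rapid": txn.ts - p["last_ts"] < 60}       # burst of transfers

def score(f):
    """Algorithm tier: weighted sum as a stand-in for a model's fraud probability."""
    s = (0.15 * f["amount_z"] + 0.35 * f["new_device"]
         + 0.30 * f["new_country"] + 0.20 * f["rapid"])
    return round(min(s, 1.0), 3)

def decide(txn, p, budget_ms=100.0, decline_at=0.7, review_at=0.4):
    """Execution tier: decide inside the latency budget or hand off to review."""
    start = time.perf_counter()
    s = score(features(txn, p))
    if (time.perf_counter() - start) * 1000 > budget_ms:
        return "escalate", s          # budget blown: never a silent approve
    if s >= decline_at:
        return "decline", s
    if s >= review_at:
        return "escalate", s
    return "approve", s

# Constructed history: one user, small purchases from a known phone in DE.
HISTORY = [Txn(a, "phone-1", "DE", 1_700_000_000 - 86_400 * i)
           for i, a in enumerate([40.0, 55.0, 48.0, 62.0, 51.0])]
PROFILE = build_profile(HISTORY)
```

A normal purchase from the known phone scores 0.0 and is approved, a normal-sized purchase from a new device in a new country lands in manual review, and a large, rapid transfer from that same new device is declined.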

Real-World Case Study: PayPal’s AI-Driven Fraud Detection

To illustrate AI’s impact, consider PayPal, a fintech giant processing over 22 billion transactions annually. In the early 2010s, PayPal faced escalating payment fraud, including account takeovers and stolen card usage. Traditional rule-based systems flagged too many false positives, alienating users, while missing sophisticated attacks. By 2015, PayPal had fully embraced AI, integrating real-time ML models to combat fraud – a strategy we’ve seen replicated across the industry.

PayPal’s approach combines supervised and unsupervised learning. Supervised models analyze historical transaction data—device IDs, IP addresses, email patterns, and purchase amounts—to assign fraud probability scores. Unsupervised models detect anomalies, such as multiple login attempts from disparate locations or unusual order sizes (e.g., shipping dozens of items to one address with different cards). Real-time data feeds from user interactions and external sources (e.g., compromised credential lists) enhance these models’ accuracy.

Numbers: According to PayPal’s public reports and industry analyses, their AI system reduced fraud losses by 30% within two years of deployment, dropping fraud rates to below 0.32% of transaction volume—a benchmark in fintech. False positives fell by 25%, improving customer satisfaction, while chargeback rates declined by 15%. These gains stemmed from processing 80% of transactions in under 50 milliseconds, enabled by a hybrid cloud infrastructure and optimized ML pipelines. For AI engineers, PayPal’s use of ensemble models (combining decision trees and neural networks) offers a practical lesson in balancing precision and recall in high-stakes environments.

Technical Challenges and Solutions

Implementing AI for real-time fraud detection isn’t without hurdles. Here’s how to address them:

  • Data Privacy and Compliance: Regulations like GDPR and CCPA mandate strict data handling. Techniques like federated learning (training models locally on user devices) minimize exposure, while synthetic data generation (via GANs) augments training sets without compromising privacy.
  • Model Drift: Fraud patterns shift, degrading model performance. Continuous retraining with online learning algorithms (e.g., stochastic gradient descent) keeps models current. Monitoring metrics like precision, recall, and F1-score ensures drift is caught early.
  • Scalability: As transaction volumes grow, so must your system. Distributed architectures (e.g., Kubernetes clusters) and serverless computing (e.g., AWS Lambda) provide elastic scaling. Optimize inference with model pruning or quantization to reduce latency on commodity hardware.
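As an added example (not from the article), the following Python code shows the drift-monitoring and online-retraining idea from the Model Drift bullet, together with the precision/recall trade-off mentioned in the PayPal case: a sliding window of predictions against late-arriving chargeback labels, an F1-based drift alarm, and one stochastic-gradient step of logistic regression on a freshly labelled example. The DriftMonitor class, its thresholds and the simulated traffic are assumptions.

```python
"""Added example: drift monitoring and online retraining for a deployed fraud
model. Chargeback labels arrive late, so a sliding window of (prediction,
truth) pairs is scored for precision/recall/F1 and a retraining flag is raised
when F1 falls well below the first full window. Traffic is simulated."""
from collections import deque
import math

def prf1(pairs):
    """Precision, recall and F1 over (predicted_fraud, actual_fraud) pairs."""
    tp = sum(1 for p, y in pairs if p and y)
    fp = sum(1 for p, y in pairs if p and not y)
    fn = sum(1 for p, y in pairs if not p and y)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1

class DriftMonitor:
    """record() returns None until the window fills, then True once F1 has
    dropped by more than max_drop relative to the baseline window."""
    def __init__(self, window=200, max_drop=0.2):
        self.window = deque(maxlen=window)
        self.baseline_f1 = None
        self.max_drop = max_drop

    def record(self, predicted, actual):
        self.window.append((predicted, actual))
        if len(self.window) < self.window.maxlen:
            return None
        f1 = prf1(self.window)[2]
        if self.baseline_f1 is None:
            self.baseline_f1 = f1          # first full window sets the bar
            return False
        return f1 < self.baseline_f1 * (1 - self.max_drop)

def sgd_update(weights, x, y, lr=0.1):
    """One online logistic-regression step on a freshly labelled example."""
    z = sum(w * xi for w, xi in zip(weights, x))
    p = 1 / (1 + math.exp(-z))
    return [w - lr * (p - y) * xi for w, xi in zip(weights, x)]

def simulate():
    """Constructed traffic: 200 txns where the model catches every fraud (1 in 10)
    with one false positive per 20, then 200 txns of a new fraud pattern that the
    model misses entirely. Returns the drift flag emitted after each record."""
    mon, flags = DriftMonitor(), []
    for i in range(400):
        actual = i % 10 == 0
        caught = actual and i < 200           # new pattern evades the old model
        predicted = caught or i % 20 == 5     # unchanged false-positive rate
        flags.append(mon.record(predicted, actual))
    return flags
```

The baseline window scores F1 = 0.8 (precision 2/3, recall 1.0); as the new pattern replaces old traffic, recall decays and the alarm fires 50 records into the shift, long before the window is entirely missed fraud.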

The Future of AI in Fraud Detection

Whatever the future holds, it’s clear that AI’s role will only become more pronounced. For one, generative AI such as large language models (LLMs) could develop new methods of simulating fraud, while blockchain technology could guarantee that the ledger’s transaction records are safe from any possible modification. Identity verification through biometric face detection and voice recognition will limit synthetic identity fraud.

As was noted previously, the speed, accuracy, and adaptability of AI in real-time fraud detection can enable users to effortlessly pinpoint and eliminate issues within digital payments that rule-based systems cannot alleviate. While PayPal’s success is evidence of this capability, the journey is not easy and requires fundamental discipline along with a well-planned approach. Now, for AI engineers, product managers, and fintech professionals, moving into this space is no longer purely a career change; it is an opportunity to build a safer financial system for all.