Hackers threatening to release sensitive data: should you be concerned?
Disclosure: The views and opinions expressed here belong solely to the author and do not represent the views and opinions of crypto.news’ editorial.
According to a report by the nonprofit Identity Theft Resource Center, the number of online attacks on small businesses increased by 28 percent in 2023. But this year, hackers slipped back into their old habits and once again began targeting large, data-rich organizations with lots of cash and digital assets.
During this year of 2024, 20 significant hacks have been undertaken by cybercriminals from the top 10 countries ranked for the first time according to recent research from Oxford University based on a World Cybercrime Index (WCI) cybercrime threat score: Russia (58.39), Ukraine (36.44), China (27.86), the United States (25.01), Nigeria (21.28), Romania (14.83), North Korea (10.61), the United Kingdom (9.01), Brazil (8.93), India (6.13).
During May alone, there were back-to-back mega hacks with digital asset considerations.
The Russian-speaking hacker group RansomHub undertook its historic hack of top auction house Christies, which had global sales revenues of $6.2 billion in 2023. The skilled extortionist hackers smugly also took credit for hacking Frontier Communications, which provides internet services via eight partners in more than 25 states in the US that reported $5.75 billion in revenues in 2023.
Owned by French billionaire Francois Pinault—who also owns the luxury goods group Kering that has an entire team dedicated to web3 and metaverse—Christie’s sells NFTs and is credited with selling one of the highest-priced NFTs: Beeple’s “Everydays” for $69.5 million back in 2021. The cyberattack on Christie’s was carried out by RansomHub ahead of the New York Auction Week, where $922 million of art was auctioned off after Christie’s accidentally exposed the location data for hundreds of consigned works last year. RansomHub is attempting to shakedown Christie’s and is threatening to auction off “sensitive personal information” about at least 500,000 of its high net-worth clients to the highest bidder on the dark web.
Not to minimize RansomHub’s hacking accomplishments, but the biggest hack during May was by the notorious cyber-criminal group ShinyHunters, which took credit for a long list of hacks since 2020, including Banco Santander on May 30. ShinyHunters is one of the biggest in history in terms of global victims; this group hacked more than half a billion—560 million, to be precise—of a treasure trove of sensitive user information, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data from world’s largest event ticket seller Ticketmaster/Live Nation which they are selling for $500,000 on the dark web. Ticketmaster/Live Nations controls 70% of ticket sales and is subject to a Department of Justice anti-trust lawsuit that could potentially lead to a breakup of the entertainment giant to allow more competition and to let smaller players gain more of the ticket-selling market.
Ticketmaster sells concert tickets in exchange for digital assets and offers NFT ticketing on Flow blockchain. Token-gated sales are compatible with tokens minted on Ethereum and stored in Dapp wallets such as MetaMask or Coinbase. Jennifer Lopez was selling token-gated tickets at Ticketmaster before abruptly canceling her tour “THIS IS ME…LIVE” on May 31.
These hacks are potentially problematic to digital asset owners because they could lead to the commission of further cybercrime down the road and potentially place sensitive taxpayer personal information in the hands of tax commissioners. The Australian government, which is part of the Joint Chiefs of Global Tax Enforcement (J5), announced that it is now working with Ticketmaster and the FBI to “better understand the incident.”
Top Internal Revenue Service (IRS) criminal investigation chief Guy Ficco reported an “uptick” in tax evasion related to ‘pure crypto tax crimes.’ As a result, the IRS reminded taxpayers that they’re generally required to report all earned income on their tax returns, including income earned from digital asset transactions, which could include selling NFTs or scalping token-gated event tickets.
The IRS warned wealthy individuals about three tax traps as part of the Dirty Dozen campaign, including Improper art donation deductions and NFTs designed for them by dishonest promoters and shady tax practitioners. The IRS also stated that in 2024, it will ramp up its audit efforts for high-income taxpayers, large partnerships, corporations, and digital asset accounts.[11]