The Philippines Department of Justice (DOJ) filed criminal charges against two Russians on July 9th. The two suspects, Sergey Yaschuck and Vladimir Evgenevich Avdeev, allegedly hacked Coins.ph, a Philippines-based crypto exchange, and stole $7 million worth of XRP.
Also Read: EigenLayer threatened by Sybill attack with up to 50% fake delegations
The Philippines DOJ presented the charges before the Taguig Trial Court, alleging that Vladimir Evgenevich Avdeev and Sergey Yaschuck violated the country’s Cybercrime Prevention Act of 2012. The two suspects allegedly stole 12.2 million XRP, amounting to PHP 340 million, from Coins.ph, a crypto exchange based in the Philippines.
According to the Philippines DOJ, Yaschuck’s indictment involves three counts of cybercrime-related activities, while that of Avdeev involves 23 counts. Each count’s bail is set at PHP 120,000 (for both defendants).
Yaschuck and Avdeev are former consultants for the exchange. They are believed to have used their knowledge of the company’s internal structure to breach security protocols and gain illegal access to the funds. Coins.ph also confirmed that the hack would only have been executed by individuals with insider information on access key protocols, server systems, and network infrastructure.
The Philippines DOJ believes the suspects attempted to hide their trail
After successfully robbing the exchange, the two suspects reportedly attempted to hide their tracks. They engaged in a series of transfers to numerous cryptocurrency exchanges to hide the origin and destination of the funds and confuse investigators.
Yaschuck and Avdeev allegedly transferred the stolen digital assets through the crypto exchange OKX, the cross-blockchain exchange OrbitBridge, the European crypto-to-fiat exchange WhiteBIT, two non-custodial exchanges ChangeNOW, SimpleSwap, Fixed Float, as well as other destinations.
The exchange alerted WhiteBIT, which swiftly blocked a transaction involving 445,000 stolen XRP. The European exchange also alerted blockchain analysis firms Chainalysis and Cristal, which proceeded to flag the addresses related to the malicious transactions. The hack took place on October 17, 2023, in what is believed to be a 30-minute window.
According to blockchain explorer XRP Scan data, the hackers exchanged 999,999.999 XRP lots 13 times alongside another 200,000 XRP lots.
Crypto exchanges are hot targets for hackers
Blockchain research firm TRM Labs reported on July 5th that hacker incidents in the crypto industry have increased significantly in the first half of the year. The research firm released findings that indicated hackers stole $1.38 billion from January to June, compared to $657 million in the same timeframe last year.
TRM Labs said that the top 5 hacks of 2024 accounted for 70% of the total value of digital assets stolen as of June. TRM Labs’s report also highlighted that hackers mostly used stolen private keys and address poisoning to gain access to victims’ funds.
Exchanges have become a honeypot for hackers. On May 31st, Japanese cryptocurrency exchange DMM Bitcoin reportedly lost more than 4,500 bitcoins, worth more than $300 million at the time, to attackers through an “unauthorized leak.” The DDM Bitcoin hack is currently the largest in 2024.