INTERPOL's Global Stop-Payment Mechanism: A Deep Dive into the Largest-Ever Recovery of $42 Million Funds aided by I-GRIP Defrauded in a BEC Scam

Continue reading
Business Email Compromise (BEC) scams are a type of cybercrime where a malicious actor poses as a trusted figure and uses legitimate email tricking targets into sending money or divulging confidential company information. These attacks can occur in various ways, including gaining unauthorized access to a finance employee or a law firm's email account to send fake invoices or impersonating a third-party vendor to email a phony bill.
In mid-July 2024, an unnamed commodity firm based in Singapore fell victim to a BEC scam. The firm received an email from a supplier requesting that a pending payment be sent to a new bank account based in Timor-Leste.
However, the email came from a fraudulent account spelled slightly different from the supplier's official email address. The Singaporean company transferred $42.3 million to the non-existent supplier on July 19, only to realize the blunder on July 23 after the actual supplier said it had not been compensated.
INTERPOL's Global Rapid Intervention of Payments (I-GRIP) mechanism is a stop-payment mechanism that helps authorities trace, intercept, and freeze proceeds of crimes across borders.
By taking advantage of I-GRIP, authorities in Singapore managed to detect $39 million and froze the counterfeit bank account a day later.
Since its launch in 2022, I-GRIP has helped law enforcement intercept hundreds of millions of dollars in illicit funds.
Cryptonator, an online digital wallet and cryptocurrency exchange, was seized by law enforcement for allegedly receiving criminal proceeds of computer intrusions and hacking incidents, ransomware scams, various fraud markets, and identity theft schemes. Launched in December 2013 by Roman Boss, Cryptonator facilitated more than 4 million transactions worth a total of $1.4 billion.

*Seized Site*
This comprised money exchanged with darknet markets, scam wallet addresses, high-risk exchanges, ransomware groups, crypto theft operations, mixers, and sanctioned addresses.
The popularity of cryptocurrency has created plenty of opportunities for fraud, with threat actors constantly devising new ways to drain victims' wallets. Fraudsters are abusing legitimate blockchain protocols like Uniswap and Safe.global to conceal their malicious activities and siphon funds from cryptocurrency wallets.
Attackers leverage the Uniswap Multicall contract to orchestrate fund transfers from victims' wallets to their own. The Uniswap Multicall contract enables calling multiple methods in a single call to the contract.
Attackers have also been known to use the Gnosis Safe contracts and framework, coaxing unsuspecting victims into signing off on fraudulent transactions. The Gnosis Safe is a smart contract that uses multi-sig. It functions as a deployed smart contract with a public address. Transaction signing is done via a customized logic tailored for specific use.
INTERPOL is encouraging businesses and individuals to take preventative steps to avoid falling victim to BEC and other social engineering scams¹. As the landscape of cybercrime continues to evolve, it is crucial for organizations to stay informed about the latest threats and implement robust security measures to protect their assets and information.

U.S. Army recruiting pages hijacked to display fake 404 errors reading ‘Kurdistan’, exploiting a third-party tool and exposing .mil web security gaps.