hodler

27 Feb 2026, 03:15

Crypto CEO Arrested: Shocking Twist as Executive Steals 22 BTC from Police Custody After Reporting Hack

BitcoinWorld Crypto CEO Arrested: Shocking Twist as Executive Steals 22 BTC from Police Custody After Reporting Hack SEOUL, South Korea – In a stunning reversal that exposes critical vulnerabilities in digital asset security protocols, authorities have arrested a cryptocurrency CEO for allegedly stealing 22 Bitcoin from police custody – the same coins he originally reported as stolen in a 2020 hack. This unprecedented case, first reported by Yonhap News, reveals how executives exploited law enforcement systems during financial distress, creating a complex web of deception that ultimately unraveled through forensic blockchain analysis. Crypto CEO Arrested in Elaborate Police Evidence Heist South Korean investigators have uncovered what they describe as one of the most audacious cryptocurrency crimes in recent memory. According to police documents obtained from the Seoul Metropolitan Police Agency, two men in their 40s – identified as the CEO and de facto operator of a local cryptocurrency firm – orchestrated the theft of digital assets worth approximately 1 billion won ($750,000) from the Gangnam Police Station’s evidence storage facility. The investigation determined the men accessed the Bitcoin while it was under official police protection, converting the cryptocurrency through sophisticated laundering techniques. Furthermore, forensic accountants traced the movement of funds across multiple exchanges. Consequently, they established a clear paper trail connecting the executives to the stolen assets. This case represents a significant breach of institutional trust. Additionally, it highlights growing concerns about insider threats within the cryptocurrency industry. Police have charged both individuals with multiple offenses including: Embezzlement of digital assets from police custody Fraudulent reporting of a fictional hack Obstruction of justice through false testimony Money laundering across international exchanges The Original 2020 Hack Report: Fabricated Crisis Authorities now believe the executives’ initial 2020 police report contained entirely fabricated claims. According to financial records reviewed by investigators, the company filed reports stating that “billions of won worth” of their proprietary tokens had disappeared through a sophisticated cyberattack. However, blockchain forensic analysis conducted by Chainalysis and local cybersecurity firm S2W revealed contradictory evidence. The table below compares the reported versus actual events: Reported Event (2020) Actual Event (2025 Investigation) External hackers breached company wallets Executives transferred funds to controlled addresses Loss of proprietary tokens worth billions Bitcoin assets secretly maintained under different keys Random criminal targeting Premeditated internal scheme during financial crisis Moreover, the investigation uncovered financial statements showing the company faced severe liquidity problems throughout 2019-2020. Police suspect the executives created the false hack narrative to explain missing funds to investors while secretly maintaining control of the assets. The Bitcoin remained accessible through private keys that never left the executives’ possession, despite being officially reported as stolen and surrendered to police evidence. Forensic Blockchain Analysis Unravels the Scheme Digital forensic specialists employed sophisticated tracing methodologies to connect the stolen police evidence to the executives’ personal accounts. According to Dr. Kim Jae-won, a blockchain security expert at Korea University, “The investigation required analyzing thousands of transactions across multiple blockchains. Eventually, pattern recognition software identified distinctive wallet clustering that pointed directly to the executives’ known addresses.” This technical breakdown reveals how modern cryptocurrency investigations combine traditional financial forensics with cutting-edge blockchain analytics. Additionally, exchange compliance officers provided crucial Know Your Customer (KYC) data that matched the executives’ identities to withdrawal requests. International cooperation through the Financial Action Task Force (FATF) protocols enabled tracking across jurisdictions. The recovered evidence shows the executives converted portions of the Bitcoin through: Peer-to-peer exchanges with minimal identification requirements Small transactions across multiple platforms to avoid detection thresholds Conversion to privacy-focused cryptocurrencies before cashing out Traditional banking channels once converted to fiat currency Broader Implications for Cryptocurrency Regulation and Security This case has triggered immediate policy reviews within South Korea’s financial regulatory framework. The Financial Services Commission (FSC) announced enhanced evidence handling protocols for digital assets following the security breach at the Gangnam Police Station. Specifically, authorities will implement multi-signature wallet requirements for all seized cryptocurrency, ensuring no single officer can access assets without multiple approvals. These measures address the vulnerability exploited in this case. Furthermore, cryptocurrency exchanges operating in South Korea now face stricter reporting requirements for large transactions connected to legal proceedings. The Korea Financial Intelligence Unit (KoFIU) has expanded its monitoring of judicial-related cryptocurrency movements. Industry experts warn that such incidents could undermine institutional adoption of digital assets. Jane Lee, a regulatory compliance specialist at Bithumb, notes, “This case demonstrates why robust custody solutions and independent auditing remain essential for mainstream cryptocurrency acceptance.” Historical Context: Evolving Cryptocurrency Crime Patterns This police evidence theft represents an evolution in cryptocurrency-related crimes. Initially, most incidents involved external hackers targeting exchanges or individual wallets. However, recent years show increasing instances of insider threats and institutional vulnerabilities. The 2022 FTX collapse revealed how executives could manipulate internal systems, while this Seoul case demonstrates how even law enforcement evidence storage faces sophisticated targeting. Comparative analysis shows distinct patterns emerging in Asian cryptocurrency markets where regulatory frameworks remain in development phases. South Korean authorities have prosecuted several high-profile cryptocurrency cases recently, including the 2023 V Global exchange scam that defrauded investors of approximately $1.8 billion. However, this police evidence theft represents a novel attack vector that bypasses traditional security measures. The table below illustrates the progression of major South Korean cryptocurrency crimes: Year Case Method Amount 2018 Coinone employee bribery Exchange listing manipulation $2.4 million 2020 Bitcoin savings fraud Ponzi scheme targeting retirees $18 million 2023 V Global exchange Multi-level marketing scam $1.8 billion 2025 Police evidence theft Insider access to custody $750,000 Conclusion The arrest of this crypto CEO for stealing Bitcoin from police custody represents a watershed moment for digital asset security and regulatory oversight. This case exposes vulnerabilities in institutional handling of cryptocurrency evidence while demonstrating the sophisticated forensic tools now available to investigators. As blockchain technology continues evolving, so too must the security protocols protecting digital assets – whether in private wallets or police evidence rooms. The Seoul investigation ultimately succeeded through international cooperation, advanced blockchain analytics, and traditional financial forensics, providing a template for future cryptocurrency crime investigations worldwide. FAQs Q1: How did the crypto CEO access Bitcoin in police custody? Investigators believe the executives maintained control of private keys despite surrendering the Bitcoin to police. The Gangnam Police Station stored the digital assets in a standard evidence locker without implementing multi-signature security protocols, creating a vulnerability the executives exploited during financial audits. Q2: What happened to the stolen Bitcoin after the theft from police evidence? Forensic analysis shows the executives converted the 22 Bitcoin through multiple cryptocurrency exchanges using sophisticated laundering techniques. They employed peer-to-peer platforms, divided transactions to avoid detection thresholds, and eventually converted portions to fiat currency through traditional banking channels. Q3: How did investigators connect the stolen Bitcoin to the executives? Blockchain forensic firms analyzed transaction patterns across multiple addresses, identifying wallet clustering that connected the stolen funds to known addresses controlled by the executives. Exchange KYC data and international cooperation through FATF protocols provided additional evidence linking the individuals to withdrawal requests. Q4: What security changes are South Korean authorities implementing after this incident? The Financial Services Commission announced enhanced evidence handling protocols including mandatory multi-signature wallets for all seized cryptocurrency, stricter access controls, and regular independent audits of digital asset evidence storage systems. Q5: How does this case affect cryptocurrency regulation in South Korea? This incident has accelerated regulatory discussions about institutional custody standards and evidence handling procedures. Exchanges now face stricter reporting requirements for transactions connected to legal proceedings, while police departments are implementing specialized digital evidence training programs. This post Crypto CEO Arrested: Shocking Twist as Executive Steals 22 BTC from Police Custody After Reporting Hack first appeared on BitcoinWorld .

26 Feb 2026, 23:30

'Upgraded Tornado Cash' Foom.Cash faces almost $2.3M loss in exploit

Foom.Cash, an Ethereum-based privacy protocol that positioned itself as an evolution of the sanctioned mixer Tornado Cash, has reportedly lost approximately $2.26 million in tokens after an attacker exploited a flaw in its cryptographic verification system, according to alerts issued by multiple blockchain security firms. The attack, which struck contracts on both the Ethereum and Base networks, drained 24,283,773,519,600 FOOM tokens, the platform’s native asset, in what security researchers have described as a copycat exploit replicating a near-identical vulnerability targeted in a separate protocol just days earlier. A single transaction on the Base network accounted for approximately $427,000 in losses attributed directly to the malicious actor. Transactions on Ethereum totaling around $1.83 million appear to have been part of a white-hat rescue operation. How did the exploit happen? BinanceLabs-led Web3 security network, GoPlus Security , flagged the attack, reporting that an incorrect verification key configuration allowed the attacker to forge zkSNARK proofs. This allowed them to fabricate cryptographic credentials that the protocol accepted as valid and then extract large volumes of tokens from the compromised contracts. Blockchain security platform, Certik, wrote on X , “The root cause may be the delta2==gamma2 setting of the Groth16 verifier at 0xc043865fb4D542E2bc5ed5Ed9A2F0939965671A6. This enables the exploiter to compute ‘pC’ needed for different ‘nullifierHash’ while all other inputs are the same, and repeatedly collect ZOOM tokens.” In short, a protocol whose marketing emphasized the near-impossibility of reversing its cryptographic protections was undone by a misconfiguration. BlockSec’s Phalcon monitoring system, which detected suspicious transactions across both networks in real time, stated that the incident appeared to be an imitation attack. The firm noted that the attack exploited the same root cause previously identified in the Veil Cash breach, which happened a few days prior. Although it is worth mentioning that the Veil Cash breach was more limited in scale, with losses contained to a small number of ETH, reportedly 2.9 ETH. What is Foom.Cash? Foom.Cash positions itself as a “ZKProof-powered Private Lottery Protocol” that combines the anonymity of Zcash, which operates as a standalone privacy chain, the accessibility of Ethereum’s DeFi ecosystem, and a built-in randomized reward mechanism. It is touted as an upgrade to Tornado Cash and an alternative to Zcash on Ethereum. Tornado Cash was sanctioned by the US Treasury in 2022, but the department lifted its sanctions on the platform in March 2025. According to the platform, it processes more daily transactions than Tornado Cash, boasts over eight million dollars in liquidity, and generates annual returns of 50 to 80% for liquidity providers. Privacy in DeFi has been experiencing renewed interest, with Zcash registering a significant price increase in recent months, and Foom.Cash sought to capitalize on that trend by offering privacy natively within Ethereum’s existing infrastructure. The platform used a specific variant called zkSNARKs, which is one of the key ingredients behind privacy guarantees in well-established protocols such as Zcash. What is Foom.Cash doing to recover funds and resolve the exploit? So far, the only mention of a recovery is tied to the second transaction of about $1.83 million, which security firms report to have been part of a white-hat rescue operation. However, the Foom.Cash team has yet to mention or acknowledge the hack. So, as of the time of writing, there is no information on the extent of the impact from the protocol or what the protocol is doing to mitigate future attacks. The whitehat recovery hints that the team may be working behind the scenes to recover the funds and resolve the underlying issues. Want your project in front of crypto’s top minds? Feature it in our next industry report, where data meets impact.

26 Feb 2026, 20:39

Shiba Inu Price Struggles Below 26-Day EMA — Is a Breakdown or Breakout Next?

Shiba Inu is once again testing a familiar ceiling. The 26-day exponential moving average (EMA) remains dynamic resistance, blocking what has been a fragile recovery attempt. The broader trend remains bearish, and the token's inability to reclaim this level with conviction is raising fresh concerns among market participants. SHIB is currently trading just below the 26 EMA. The structure on the chart tells a straightforward story: lower highs, lower lows, and rallies that fade before gaining traction. Each time the price approaches this moving average, sellers step in. Rallies are being used as exit points, not entry signals. That behavioral pattern is a hallmark of a market that has not yet found a floor. Volume data adds further context. Recent activity recorded approximately 374 billion SHIB changing hands. While the figure represents a visible attempt to push the price higher, it falls short of what has historically accompanied meaningful breakouts for the asset. The move reads more like a probe than a commitment. Technical Structure Remains Fragile The internal structure of SHIB's chart offers little optimism for bulls in the short term. The shorter-term EMAs remain positioned beneath longer-term trend lines. This alignment is textbook bearish. It signals that momentum has not shifted and that the path of least resistance remains to the downside. The Relative Strength Index (RSI) sits in neutral territory. It is neither flashing oversold conditions that might attract bargain hunters nor showing the kind of strength associated with a genuine trend reversal. A neutral RSI in the context of a downtrend often means one thing: the market is waiting. It has not made up its mind, and until it does, indecision tends to favor the existing trend. The ascending structure that emerged from recent local lows looked promising at first glance. On closer inspection, it lacks the volume support necessary to validate a recovery. Price can move higher on thin volume, but those moves rarely hold. What the chart currently reflects is a market attempting recovery without the participation required to sustain it. What a Breakout or Breakdown Would Mean Two scenarios are in play. The first involves a clean break above the 26 EMA on rising volume. Should buyers manage to flip this level into support, it would shift short-term sentiment meaningfully. A confirmed reclaim could trigger a short squeeze, pushing the price toward the next cluster of EMAs above. That outcome would represent a structural shift, not just a bounce. The second scenario is more likely given current conditions. A rejection at the 26 EMA sends SHIB back toward recent support zones. Weak volume on the current push leaves the token vulnerable. If broader crypto market sentiment turns cautious, that vulnerability becomes a liability. Price could retrace quickly and test demand at lower levels. At the time of writing, Shiba Inu is trading at around $0.00000599, down 6.33% in the last 24 hours.

26 Feb 2026, 19:00

Wondering What’s Going On With Solana? Projects Are Taking Massive Hit As Price Plunges

Solana projects Step Finance and its sister platforms have announced they are winding down operations following an exploit last month. This also comes as crypto prices struggle amid the current bear market , with SOL still below the psychological $100 level. Solana Projects To Wind Down Following Exploit And Amid Price Struggle In an X post , Solana DeFi aggregator Step Finance announced that it and its sister projects, SolanaFloor and Remora Markets, will be winding down all operations. This follows the hack towards the end of last month involving the firm’s treasury wallets , which resulted in a loss of around $40 million. Related Reading: This Analyst Predicted Solana Sell-Off At $250, And Is Back With A New Prediction StepFinance stated that following the hack, they explored every possible path forward, including financing and acquisition opportunities. However, the Solana project was unable to secure a viable outcome, which is why it has decided to end all operations effective immediately. The firm also revealed that it is working on a buyback for STEP holders based on a snapshot taken before the incident. The STEP token is down over 40% in the past week amid this announcement, currently trading at around 0.00060. The token is down by over 99% from its all-time high (ATH) of $10, set in August 2021. Furthermore, Step Finance stated that it is also working on a redemption process for Remora rToken holders, with these tokens still backed 1:1. Remora Markets, a tokenized stock marketplace on SOL, also confirmed that it is winding down operations alongside its parent company, Step Finance. Remora stated that they are currently working on a redemption process to allow holders to redeem their tokens for USDC and that they will share more details soon. Media Outlet To Also Wind Down Solana media platform Solana Floor, a sister company to Step Finance, also confirmed that it is winding down operations. The platform will no longer publish new content, but the existing website, videos, and newsletters will remain available as an archive. Solana wallet Solflare stated that it will pause its News section inside the wallet due to Solana Floor’s sunsetting. Related Reading: XRP, Solana Secure Inflows As Institutions Move $1 Billion Out Of Bitcoin And Ethereum Solflare also revealed that it is considering opening up the space to community-driven articles published directly in the wallet. This will include original long-form articles, fresh insights, analysis, and strong opinions, deep dives into SOL projects/trends, educational crypto explainers, and market analysis . Meanwhile, Step Finance co-founder George Harrap indicated that there was still the possibility of an acquisition of any of their projects. He stated that some people have reached out about acquiring various businesses and that they will pursue those if serious and have interest, but warned that they are working on a “time crunch. At the time of writing, the Solana price is trading at around $89, up 8% in the last 24 hours, according to data from CoinMarketCap.

26 Feb 2026, 14:29

IoTex Foundation pledges full reimbursement after $4.4 million bridge hack

The IoTeX Foundation has committed to providing full compensation to all users affected by last week’s $4.4 million bridge hack, as they pledged to use treasury funds to restore victims, whether or not IoTeX is able to recover the stolen assets from the attacker. The announcement came from their third incident update, following IoTeX’s mainnet resuming full operations on February 24, after two days of security upgrades that permanently blacklisted 29 hacker addresses and froze around 45 million IOTX tokens. The hack led to an immediate price dump of around 22%, dropping from $0.0054 to around $0.0042. The token has staged multiple attempts to reclaim pre-hack valuations, trading around $0.0048 currently. IOTX price has returned in the green since the project committed to $100% refunds to affected users. Source: CoinMarketCap Treasury-funded compensation regardless of recovery outcome In its latest report , the IoTeX project stated that “The IoTeX Foundation will ensure every affected user receives 100% compensation.” They also developed a compensation framework dividing users into two tiers. Tier 1 covers losses up to $10,000, which represents the vast majority of victims. They will receive full compensation immediately in stablecoins or native Ethereum assets. Tier 2 users with losses over $10,000 would receive their first $10,000 immediately, and their balances would be distributed over 12 months. They would also get a 10% bonus in annually staked IOTX, allowing them to receive 110% of their original losses. The compensation process will begin on Friday, February 27, when IoTeX publishes its official Recovery Deposit Address and Claims Portal. Affected users must withdraw any bridged assets from DeFi protocols, transfer them to the Recovery Deposit Address in single transactions by asset type, and then submit claims with wallet addresses and transaction hashes. The Foundation will then verify each claim against on-chain data before issuing compensation on Ethereum. However, users are warned not to split their balances or restructure holdings to circumvent tier thresholds, as such actions will result in flagged claims and loss of eligibility. Mainnet upgrade permanently blocks attacker access IoTeX mainnet has been fully operational since February 24, with Coinbase and MEXC among the first to restore full functionality. Afterwards, Binance and Upbit enabled withdrawals, while Bitget, Gate.io, OKX, Bithumb, KuCoin, HashKey Global, and BitMart are gradually coming back online. IoTeX coordinated with over 20 exchange partners and submitted formal documentation to DAXA (Korean Digital Asset Exchange Association). The security patch froze around 45 million IOTX tokens held in attacker-controlled wallets. According to the project, “These funds are now permanently inaccessible to the attacker. No transaction involving these addresses will ever be processed again.” IoTeX’s team also developed ioTrace to map the movement of stolen funds across blockchains in real time, allowing it to trace critical evidence across multiple chains, exchanges, and years of transaction history. IoTeX also plans to make ioTrace open source so that other projects can launch independent investigations without depending on other vendors. The Foundation also tracked more stolen assets across several chains. Apparently, the attacker swapped some tokens for 2,183 ETH, then converted the funds to Bitcoin (66.78 BTC) through THORChain. IoTeX identified four Bitcoin addresses currently holding the stolen assets and is coordinating with relevant exchanges to monitor for any potential deposit attempts. Mainnet restored with frozen attacker funds in 24 hours When the ioTube bridge hack was detected on February 21, IoTeX went into action immediately. Apparently, the attacker compromised a validator owner’s private key on Ethereum, upgraded the contract to bypass all security checks before draining $4.4 million in reserves, and then minted 410 million CIOTX tokens. Initial reports calculated figures as high as $8.8 million, but IoTeX stated that 99% of the minted tokens were locked or frozen, while only 0.4% were liquidated through DEXs . The CEO of IoTeX, Raullen Chai, also offered the hacker a 10% reward if they returned the other 90% of the stolen funds within two days. No one responded until the deadline passed yesterday. However, by the next day, IoTeX’s mainnet was back online, and the development team deployed Mainnet v2.3.4 on February 24, after coordinating with 36 other network delegates to implement robust security measures. The upgrade permanently blacklisted all 29 identified attacker wallet addresses at the blockchain protocol level, ensuring those addresses can never process another transaction again. Long-term security plans put in place Aside from the immediate mainnet upgrade, IoTeX is also implementing IIP-55, a governance protocol that will move bridge operations to a decentralized validator committee, thus eliminating the point of failure that enabled the attack. The project also put various other measures in place, adding multi-signature and time-lock controls on privileged operations, an independent audit of the ioTube infrastructure, on-chain circuit breakers, credential management programs, and a bigger bug bounty program. If you're reading this, you’re already ahead. Stay there with our newsletter .

26 Feb 2026, 03:30

Crypto Millions Finance Sale of Stolen US Trade Secrets, Treasury Says

The Treasury Department sanctioned a Russian exploit broker network accused of trafficking stolen U.S. trade secrets and government cyber tools for cryptocurrency, marking the first use of a key intellectual property law to counter escalating national security threats. Treasury Sanctions Crypto-Funded Exploit Ring Trading Stolen US Cyber Tools The U.S. Department of the Treasury announced