
Every week, Information Security Media Group rounds up cybersecurity incidents in digital assets. This week: Step Finance shut down, the IoTeX bridge was exploited, Russia-linked exchanges helped users evade sanctions, an Australian was charged in a $3.5M scam, a hacker returned $21M in seized bitcoin to South Korean prosecutors and Malaysia arrested 12 officers in an extortion case.
Step Finance, a Solana-based portfolio management platform, said it will cease operations after failing to recover from a Jan. 31 incident that drained $40 million from its treasury and fee wallets. In a post on social media network X, the team said it could not secure external liquidity and that acquisition talks and fundraising efforts collapsed in the weeks following the exploit.
The shutdown affects Step Finance and its subsidiaries, including media outlet SolanaFloor and tokenized equities platform Remora Markets. SolanaFloor will keep an archive of past content but stop publishing new material. Step Finance said it plans a buyback for STEP token holders based on a pre-hack snapshot. Remora Markets, which was isolated from the breach, is preparing a redemption process for rToken holders, backed 1:1 by USDC.
Crypto-AI project IoTeX suffered a cross-chain bridge exploit after attackers compromised a private key controlling its TokenSafe and MinterPool smart contracts. Blockchain security firm PeckShield and on-chain analyst Specter said the breach allowed the attacker to drain about $4.3 million in assets directly from a token vault. Later estimates put total losses at $8.8 million.
The attacker swapped the stolen tokens for ether on decentralized exchanges such as Uniswap and bridged about 45 ETH to the Bitcoin network using THORChain. Specter said the attacker also minted about 111 million CIOTX tokens and drained millions of additional tokens.
IoTeX acknowledged the incident, saying exchanges were helping trace and freeze funds and that it temporarily halted its blockchain. The company expects to restore operations within days and said that losses may be lower than early reports suggest.
A network of Russia-linked cryptocurrency exchanges is helping users bypass international sanctions through high-volume crypto transactions, blockchain analytics firm Elliptic said. The report identifies five platforms – most of them unsanctioned – that apparently provide financial channels outside traditional banking oversight as the European Union weighs a blanket ban on crypto dealings with Russia.
Only one exchange, Bitpapa, is sanctioned. The U.S. Department of the Treasury’s Office of Foreign Assets Control designated the peer-to-peer platform in March 2024. Elliptic found that nearly 10% of Bitpapa’s outgoing flows reach sanctioned entities and that it frequently rotates wallet addresses.
The report names ABCeX, Exmo, Rapira and Aifory Pro as additional conduits. Elliptic said ABCeX processed at least $11 billion in crypto and routed funds to previously sanctioned exchanges such as Garantex. It also found wallet links between Exmo and its Russian spinoff. Rapira and Aifory Pro allegedly facilitated transactions with other sanctioned platforms and enabled payments for restricted Western services.
Police in the Australian state of New South Wales charged a 42-year-old man over a cryptocurrency investment scam that defrauded more than 190 elderly and vulnerable people of five million Australian dollars, or $3.5 million. He received conditional bail and is set to appear at Burwood Local Court on March 17.
Detectives from the NSW Police Cybercrime Squad’s Strike Force Resaca executed search warrants at properties in Strathfield and Cammeray, seizing electronic devices and documents. Police arrested the 42-year-old man in Strathfield and charged him with recklessly dealing with proceeds of crime tied to alleged money laundering through an online platform. Officers also detained a 36-year-old man in Cammeray but later released him pending further investigation.
Police allege the scammers approached victims on social media starting in November 2025, posing as investment advisers. They directed victims to deposit funds into a platform called NEXOpayment, which allegedly funneled money through multiple crypto wallets and exchanges in a laundering pattern.
South Korean prosecutors reportedly recovered about $21.4 million worth of bitcoin stolen from government custody last year. The Gwangju District Prosecutors’ Office discovered in December 2025 that hackers had drained cryptocurrency seized during a raid on an illegal gambling platform. An internal probe found that investigators accidentally entered recovery seed phrases into a phishing website in August.
The hacker has now returned 320.8 BTC to the authorities’ wallet. Prosecutors said they had blocked transactions between the hacker’s wallet and centralized exchanges, limiting the attacker’s ability to cash out. Officials have transferred the recovered bitcoin to a local exchange for safekeeping and continue to look for the suspect.
The breach has triggered a nationwide review of how law enforcement agencies manage seized digital assets. A separate investigation recently found that Seoul’s Gangnam Police Station also lost track of 22 BTC held in cold storage since 2021 (see: Cryptohack Roundup: Probe Into Missing Seized Bitcoin).
Malaysian authorities arrested 12 police officers accused of extorting about 200,000 ringgit, or $51,000, in cryptocurrency from eight Chinese nationals during a midnight raid near Kuala Lumpur, reported the South China Morning Post.
Selangor police chief Shazeli Kahar said the arrests followed a Feb. 6 complaint from one of the alleged victims, who claimed officers stormed a bungalow in Kajang, seized phones and laptops, and forced a transfer of digital assets to a designated crypto account. The police are investigating the case as a gang robbery involving a foreign national’s cryptocurrency.

