$285 million gone: Drift Protocol breached and more

Fake illnesses fuel $20 million Mount Everest insurance scam

Nepalese authorities uncovered a large-scale insurance fraud linked to trekking expeditions near Mount Everest, alleging that guides and other tourism operators orchestrated fake medical emergencies to profit from helicopter rescues. According to investigators, the scheme involved deliberately making trekkers appear seriously ill or exaggerating mild altitude-related symptoms to justify costly air evacuations. In some cases, guides were accused of tampering with food or administering substances that caused stomach distress or resembled symptoms of altitude sickness.

Once guides staged an “emergency,” helicopters transported trekkers to hospitals, where they created fraudulent medical records and filed insurance claims. Officials say the racket also involved helicopter operators and hospital staff, who allegedly helped inflate or falsify invoices, sometimes billing insurers for individual flights even when multiple people shared a single helicopter. Authorities in Nepal charged 32 people in the scheme, which generated an estimated $20 million in fraudulent insurance payouts and affected thousands of foreign trekkers.

Crypto‑funded fake IDs land OnlyFake founder in court

The U.S. Department of Justice (DOJ) announced that Yurii Nazarenko pleaded guilty to running OnlyFake, an online service that sold counterfeit digital identification documents. According to prosecutors, customers used the website to create realistic images of fake IDs, including U.S. driver’s licenses, passports and U.S. Social Security cards. They also fabricated passports designed to pass online identity checks from dozens of other countries. In just three years of operation, OnlyFake produced more than 10,000 fake IDs and generated hundreds of thousands of dollars in revenue, with payments made in cryptocurrency, according to the DOJ.

Authorities say the service posed a serious risk because it allowed users to bypass Know Your Customer verification systems used by banks and crypto exchanges, facilitating fraud and money laundering. Nazarenko pleaded guilty to conspiracy to commit fraud related to identification documents and agreed to forfeit $1.2 million in proceeds. He faces a sentence of up to 15 years in prison.

Digital arrest fraud uncovered in India

Police in Maharashtra, India’s Beed district, arrested three people for allegedly cheating a local man out of 23.42 lakh (about $25,000) through a cybercrime known as a digital arrest scam. Investigators say the accused posed as police officials and contacted the victim, threatening to arrest him unless he paid money to resolve a fabricated case against him. Fearful of legal trouble, the man transferred large sums to bank accounts controlled by the suspects.

Authorities traced the transactions through technical analysis, leading to the arrest of the alleged perpetrator, his wife and an associate. Police recovered cash and froze bank accounts linked to the fraud. Further investigation is underway to identify additional suspects.

April Fool’s nightmare: $285 million vanishes from Drift Protocol

Drift Protocol, a major decentralized derivatives platform built on open-source blockchain platform, Solana, suffered a massive security breach on April 1, 2026, resulting in losses of about $285 million. The incident initially caused confusion because of its timing on April Fool’s Day, but Drift Protocol’s team confirmed the attack and urged users to stop interacting with the platform. As the exploit unfolded, the company halted deposits and withdrawals as data showed large amounts of assets being drained from its vaults.

Investigations indicate the attacker didn’t exploit a traditional smart contract bug. Instead, the breach involved compromised administrative access, allowing the hacker to introduce a fake token, manipulate price oracles and borrow real assets against it. Within minutes, funds including stablecoins and major cryptocurrencies were removed, cutting the platform’s total value by more than half and triggering a sharp drop in the native token. The attacker later moved portions of the stolen funds across blockchains. Security analysts and blockchain investigators described the attack as highly coordinated and possibly the result of months of preparation by North Korea.

Crystal Zuzek is associate editor of Fraud Magazine. Contact her at czuzek@acfe.com.