The Linkielist

Linking ideas with the world

Solana ‘hot’ wallets are being drained in multi-million dollar attack

An unknown actor has drained over 8,000 internet-connected wallets in an ongoing attack on the Solana blockchain ecosystem. According to blockchain auditor OtterSec, the attacks were still ongoing when it posted an update on the evening of August 2nd and had affected multiple wallets, including Phantom, Slope, Solflare and TrustWallet, across a wide variety of platforms.

As TechCrunch notes, the bad actor seems to have stolen both Solana tokens and USDC stablecoins, with the estimated losses so far amounting to around $8 million. OtterSec is now encouraging users to move all their assets to a hardware wallet, and the Solana Status Twitter account echoed that advice, adding that there’s no evidence “cold” wallets have been impacted.

The Solana Status account has also revealed that an exploit allowed a malicious actor to drain funds from the compromised wallets and that it seems to have affected both their mobile versions and extensions. Engineers from multiple ecosystems have already banded together to work with security researchers to identify the root cause of the exploit, which is yet to be discovered.

[…]

Source: Solana ‘hot’ wallets are being drained in multi-million dollar attack | Engadget

Nomad Bridge Hack Allowed ‘Mob’ to Drain $190m in Crypto

As evidenced by its namesake, apparently there wasn’t much security stopping a horde of wandering strangers from breaking into the Nomad DeFi project’s token bridge, allowing hundreds of unknown hackers and some users to walk away with over $190 million in crypto, leaving behind a bare pittance in the project’s wallet.

Late on Monday, users started noticing tokens being extracted from Nomad’s accounts “in million-dollar increments.” Crypto security company CertiK confirmed in a Tuesday analysis that the bridge protocol, which allows users to send tokens between separate blockchains, had been breached thanks to a routine upgrade that let bad actors bypass message verification. CoinTelegraph reported that the first transaction, likely the initial hacker, managed to remove about $2.3 million in crypto from the bridge.

Apparently, this breach further allowed other users to exploit the bridge, turning it essentially into a Black Friday-esque free-for-all. CertiK’s analysis further said the vulnerability was in the token bridge’s initialization process, introduced in the flawed upgrade, allowing users to copy the original hacker’s transaction and replace the destination address with their own. Researchers said in just four hours, other hackers, bots, and even community members drained the protocol in a “frenzied mob.”
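A model of the check that failed, added here as an illustration and not Nomad’s own code. Public post-mortems of the incident attribute the flaw to the upgraded Replica contract’s initialization marking the all-zero Merkle root as already confirmed; because a message that was never proven reads back the zero root from the contract’s message mapping, any message anyone cared to submit passed the acceptable-root check, which is why copying a transaction and swapping the address was enough. The class, mapping names, string-based messages and the sha256 stand-in for keccak below are this example’s own simplifications (no Merkle proofs are actually verified); the hardened variant refuses to treat the zero root as evidence of anything.

```python
"""Constructed model (not Nomad's code) of a bridge 'Replica' whose
initialization marks the zero-valued Merkle root as confirmed, so that
messages nobody ever proved pass the acceptable-root check."""
import hashlib

ZERO_ROOT = b"\x00" * 32  # Solidity's default bytes32 value


def msg_hash(message: bytes) -> bytes:
    # Assumption: sha256 stands in for keccak256; the algorithm is irrelevant here.
    return hashlib.sha256(message).digest()


class Replica:
    """Both dicts mimic Solidity mappings: an unknown key reads as zero."""

    def __init__(self, committed_root: bytes, reject_zero_root: bool) -> None:
        self.confirm_at: dict[bytes, int] = {}  # root -> time from which it is acceptable
        self.messages: dict[bytes, bytes] = {}  # message hash -> root it was proven under
        self.processed: set[bytes] = set()
        self.reject_zero_root = reject_zero_root
        # The flawed upgrade was initialised with committed_root == ZERO_ROOT,
        # which records the zero root as confirmed since time 1.
        self.confirm_at[committed_root] = 1

    def acceptable_root(self, root: bytes, now: int = 10) -> bool:
        if self.reject_zero_root and root == ZERO_ROOT:
            return False  # hardened: the default value is never evidence of a proof
        confirmed_at = self.confirm_at.get(root, 0)
        return confirmed_at != 0 and confirmed_at <= now

    def prove(self, message: bytes, root: bytes) -> None:
        # Stand-in for Merkle-proof verification; a real bridge checks the
        # inclusion proof before recording which root the message hangs under.
        self.messages[msg_hash(message)] = root

    def process(self, message: bytes) -> bool:
        h = msg_hash(message)
        if h in self.processed:
            return False  # replay of an already-processed message
        root = self.messages.get(h, ZERO_ROOT)  # never proven -> reads as zero
        if not self.acceptable_root(root):
            return False
        self.processed.add(h)  # funds would be released here
        return True


def withdrawal(recipient: str, amount: int) -> bytes:
    # Constructed message format; real bridge messages are ABI-encoded.
    return f"withdraw:{recipient}:{amount}".encode()


def unproven_drain(hardened: bool) -> bool:
    """Copy someone else's withdrawal, swap in your own address, call process()."""
    replica = Replica(committed_root=ZERO_ROOT, reject_zero_root=hardened)
    return replica.process(withdrawal("0xattacker", 10_000))


def proven_withdrawal() -> tuple[bool, bool]:
    """Legitimate path on the hardened replica: prove against a confirmed root.

    Returns (first attempt, replay attempt)."""
    replica = Replica(committed_root=ZERO_ROOT, reject_zero_root=True)
    root = hashlib.sha256(b"batch-1").digest()
    replica.confirm_at[root] = 5  # root confirmed once the optimistic window passed
    msg = withdrawal("0xalice", 100)
    replica.prove(msg, root)
    return replica.process(msg), replica.process(msg)


if __name__ == "__main__":
    print("vulnerable, unproven message processed:", unproven_drain(hardened=False))
    print("hardened, unproven message processed:  ", unproven_drain(hardened=True))
    print("hardened, proven message then replay:  ", proven_withdrawal())
```

The design point is the one the story turns on: a mapping that returns a default value for missing keys must never have that default value whitelisted, or “absent” silently becomes “valid.” The same class of bug appears wherever a lookup’s zero or null result is fed into a trust decision without first checking that the entry exists.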

The crypto developer who goes by Foobar on Twitter wrote that this attack was “the first decentralized crowd-looting of a 9-figure bridge in history.” There are hundreds of addresses that show they’ve received tokens from the bridge during the exploit.

Some users have actually gone back to the protocol, hanging their heads in shame and offering to return the stolen funds. Some claimed it was “an accident,” while others said they were trying to protect their friend’s assets, according to screenshots posted by Foobar. DefiLlama shows the protocol’s total value locked now sitting at just a little under $16,000.

[…]

Source: Nomad Bridge Hack Allowed ‘Mob’ to Drain Millions in Crypto

Visa Funded Alleged Pornhub / MindGeek Child Porn, Rules Judge

In a setback for Visa in a case alleging the payment processor is liable for the distribution of child pornography on Pornhub and other sites operated by parent company MindGeek, a federal judge ruled that it was reasonable to conclude that Visa knowingly facilitated the criminal activity.

On Friday, July 29, U.S. District Judge Cormac Carney of the U.S. District Court of the Central District of California issued a decision in the Fleites v. MindGeek case, denying Visa’s motion to dismiss the claim it violated California’s Unfair Competition Law — which prohibits unlawful, unfair or fraudulent business acts and practices — by processing payments for child porn.

In the ruling, Carney held that the plaintiff “adequately alleged” that Visa engaged in a criminal conspiracy with MindGeek to monetize child pornography. Specifically, he wrote, “Visa knew that MindGeek’s websites were teeming with monetized child porn”; that there was a “criminal agreement to financially benefit from child porn that can be inferred from [Visa’s] decision to continue to recognize MindGeek as a merchant despite allegedly knowing that MindGeek monetized a substantial amount of child porn”; and that “the court can comfortably infer that Visa intended to help MindGeek monetize child porn” by “knowingly provid[ing] the tool used to complete the crime.”

“When MindGeek decides to monetize child porn, and Visa decides to continue to allow its payment network to be used for that goal despite knowledge of MindGeek’s monetization of child porn, it is entirely foreseeable that victims of child porn like plaintiff will suffer the harms that plaintiff alleges,” Carney wrote.

In a statement, a Visa spokesperson said: “Visa condemns sex trafficking, sexual exploitation and child sexual abuse materials as repugnant to our values and purpose as a company. This pre-trial ruling is disappointing and mischaracterizes Visa’s role and its policies and practices. Visa will not tolerate the use of our network for illegal activity. We continue to believe that Visa is an improper defendant in this case.”

A rep for MindGeek provided this statement: “At this point in the case, the court has not yet ruled on the veracity of the allegations, and is required to assume all of the plaintiff’s allegations are true and accurate. When the court can actually consider the facts, we are confident the plaintiff’s claims will be dismissed for lack of merit. MindGeek has zero tolerance for the posting of illegal content on its platforms, and has instituted the most comprehensive safeguards in user-generated platform history.”

The company’s statement continued, “We have banned uploads from anyone who has not submitted government-issued ID that passes third-party verification, eliminated the ability to download free content, integrated several leading technological platform and content moderation tools, instituted digital fingerprinting of all videos found to be in violation of our Non-Consensual Content and CSAM [child sexual abuse material] Policies to help protect against removed videos being reposted, expanded our moderation workforce and processes, and partnered with dozens of non-profit organizations around the world. Any insinuation that MindGeek does not take the elimination of illegal material seriously is categorically false.”

[…]

Source: Visa ‘Intended to Help’ Pornhub, MindGeek Monetize Child Porn: Ruling – Variety

Babel Finance Traded $280 Million of Users’ Crypto, Lost it All. Line not go up any more.

Babel Finance, the Hong Kong-based crypto lender, apparently had other designs for the crypto its worldwide user base handed over than just borrowing and lending. It seems to have been doing what everyone else does with crypto, rapidly speculating and trying to make “line go up.” Of course, all that changed when the line no longer went up.

The Block reported based on restructuring proposal documents that Babel Finance had lost 8,000 bitcoin and 56,000 ether in June, worth close to $280 million, though of course the price is constantly fluctuating. The company had apparently been conducting proprietary trading with customers’ funds. It remains unclear based on reporting if users were/are aware their crypto was/is being used in this way.

Source: Babel Traded $280 Million of Users’ Crypto, Lost it All

China fines ride-sharer DiDi $1.2bn for data privacy abuse – why is China leading the world in this?

The Cyberspace Administration of China has fined ride-sharing company DiDi Global ¥8.026 billion ($1.2 billion) for more than 64 billion illegal acts of data collection that it says were carried out maliciously and threatened national security.

Yes, we do mean billion. As in a thousand million.

The Administration enumerated DiDi’s indiscretions as follows:

  • 53.976 billion pieces of information indicating travellers’ intentions were analyzed without informing passengers;
  • 8.323 billion pieces of information were accessed from users’ clipboards and lists of apps;
  • 1.538 billion pieces of information about the cities in which users live were analyzed without permission;
  • 304 million pieces of information describing users’ place of work;
  • 167 million user locations were gathered when users evaluated the DiDi app while it ran in the background;
  • 153 million pieces of information revealing the drivers’ home and business location;
  • 107 million pieces of passenger facial recognition information;
  • 57.8 million pieces of driver’s ID number information in plain text;
  • 53.5092 million pieces of age information;
  • 16.3356 million pieces of occupation information;
  • 11.96 million screenshots were harvested from users’ smartphones;
  • 1.3829 million pieces of family relationship information;
  • 142,900 items describing drivers’ education.

The Administration (CAC) also found DiDi asked for irrelevant permissions on users’ smartphones and did not give an accurate or clear explanation for processing 19 types of personal information.

The fine levied on DiDi is not a run of the mill penalty. The Administration’s Q&A about the incident points out that the fine is a special administrative penalty because DiDi flouted China’s Network Security Law, Data Security Law, and Personal Information Protection Law – and did so for seven years in some cases.

The Q&A adds that China has in recent years introduced many data privacy and information security laws, so it’s not as if DiDi did not have good indicators that it needed to pay attention to such matters.

The fine is around 4.7 percent of DiDi’s annual revenue – just short of the five percent cap on such fines available to Chinese regulators.

[…]

Source: China fines ride-share outfit DiDi $1.2bn for data abuse

Google forced to allow some Android apps to use third-party payments in the EU

Android developers who distribute apps on the Google Play store can now use third-party payment systems in many European countries. The measure applies to the European Economic Area (EEA), which comprises European Union states as well as Iceland, Liechtenstein and Norway. However, the policy will not apply to gaming apps, which still need to use Google Play’s own billing system for the time being.

Google is making the move after the EU’s legislative arm, the European Commission, passed the Digital Markets Act (DMA) this month. Along with the Digital Services Act, the law is designed to rein in the power of big tech by, for instance, prohibiting major platform holders from giving their own systems preferable treatment.

The DMA isn’t expected to come into effect until sometime in 2024. However, Google’s director of EU government affairs and public policy, Estelle Werth, wrote in a blog post that the company is “launching this program now to allow us to work closely with our developer partners and ensure our compliance plans serve the needs of our shared users and the broader ecosystem.”

The move partially reverses a policy that required all in-app payments to be processed through the Play Store’s billing system. Developers who opt for a different billing system won’t be able to avoid Google’s fees entirely. However, Google will lower the service fees it charges them by three percentage points.

Google says that 99 percent of developers qualify for a fee of 15 percent or less. The others typically pay 30 percent. The fees Google charges would drop to 12 percent (or lower) or 27 percent, respectively, if they select a third-party billing system.

[…]

Source: Google allows Android apps to use third-party payments in the EU | Engadget

Russia fines Google $374M over Ukraine invasion portrayal

A Russian court fined Google $374 million on Monday for its failure to remove prohibited content, according to the country’s internet watchdog Roskomnadzor.

The Tagansky District Court of Moscow took exception to YouTube content it claimed contained “fakes about the course of a special military operation in Ukraine” and discredited Russia’s armed forces. The court also claimed some material promoted extremism and/or terrorism. Google also stands convicted of an “indifferent attitude to the life and health of minors” that the court feels is worthy of protest by Russian citizens.

The court also alleged Google systemically violated Russian law.

As punishment, Google users will receive warnings of the company’s alleged misdeeds, and won’t be permitted to buy ads tied to Google Search results or on YouTube.

[…]

Source: Russia fines Google $374M over Ukraine invasion portrayal • The Register

Wouldn’t it be nice if they fined Putin for making the videos a possibility

UK court okays $1.1b Play Store lawsuit against Google

A London court on Tuesday authorized a lawsuit that seeks to have Google pay £920 million ($1.1 billion) for overcharging customers for app store purchases.

Filed as a class action on behalf of 19.5 million UK citizens, the suit alleges Google charged commission fees up to 30 percent on app sales. Consumer rights advocate Liz Coll, who previously served as digital policy manager at consumer rights organization Citizens Advice, brought the lawsuit, alleging Google has violated both EU and UK competition laws.

Representatives for the claimant group told Reuters that a detailed judgment has yet to be published, but the initial filing made in July 2021 specifies that Google violated multiple sections of the Competition Act 1998.

For incidents happening before the UK left the EU, the suit also alleged violations of Article 102 of the Treaty on the Functioning of the EU, which covers abuse of dominant market positions.

Source: UK court okays $1.1b Play Store gouging suit against Google

Apple Pay illegally profited by walling off contactless payments, lawsuits in EU, US allege

A proposed class-action lawsuit filed on behalf of payment card issuers accuses Apple of illegally profiting from Apple Pay and breaking antitrust laws. Iowa’s Affinity Credit Union is listed as the plaintiff in the complaint, filed today in the US District Court for the Northern District of California. The lawsuit alleges that by restricting contactless payments on iOS devices to Apple Pay and charging payment card issuers fees to use the mobile wallet, the iPhone maker is engaging in anti-competitive behavior.

While Android users have options for contactless mobile wallets, iOS users can only use tap-to-pay technology through Apple Pay. In other words, while iPhone users can download the Google Pay app, they can’t use it to make contactless payments in stores. Android doesn’t charge payment card issuers for use of any supported mobile wallet. But it’s a different story for Apple Pay, which charges card issuers a 0.15% fee on credit transactions and half of a cent on debit transactions. These fees have brought in up to $1 billion annually for Apple, the lawsuit alleges.

“In the Android ecosystem, where multiple digital wallets compete, there are no issuer fees whatsoever, ” said the complaint. “The upshot is that card issuers pay a reported $1 billion annually in fees on Apple Pay and $0 for accessing functionally identical Android wallets. If Apple faced competition, it could not sustain these substantial fees.”

The suit alleges that by restricting iOS users to only Apple Pay for contactless payments, Apple is blocking competing mobile wallets from the market. Payment card issuers are essentially forced to pay Apple’s transaction fees if they want to offer their service to iPhone users.

Apple is facing a similar challenge over its payment system in the EU, where an antitrust commission in May said that the tech giant is illegally blocking third-party developers from enabling contactless payments. Apple has denied the EU’s allegations, arguing that giving third-party developers access would be a security risk. This is an argument that Apple has used before as a reason why it doesn’t open up its platform, such as in the case of third-party app stores.

Engadget has reached out to Apple for comment on the lawsuit and will update if we hear back.

Source: Apple Pay illegally profited by walling off contactless payments, lawsuit alleges | Engadget

Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’

While we were just discussing how everyone occasionally gets reminded that for many digital goods these days you simply don’t actually own what you’ve bought, all thanks to Sony disappearing a bunch of purchased movies and shows from its PlayStation platform, this conversation has been going on for a long, long time. Whereas the expectation by many people is that buying a digital good carries similar ownership rights as it would a physical good, instead there are discussions of “licensing” buried in the Ts and Cs that almost nobody reads. The end result is a massive disconnect between what people think they’re paying for and what they actually are paying for.

Take Ubisoft DLC for instance. Lots of people bought DLC for titles like Assassin’s Creed 3 or Far Cry 3 for the PC versions of those games… and recently found out that all that purchased DLC is simply going away with Ubisoft shutting game servers down.

According to Ubisoft’s announcement, “the installation and access to downloadable content (DLC) will be unavailable” on the PC versions of the following games as of September 1, 2022:

Assassin’s Creed 3
Assassin’s Creed: Brotherhood
Driver San Francisco
Far Cry 3
Prince of Persia: The Forgotten Sands
Silent Hunter 5

DLC for the console versions of these games (which is verified through the console platform stores and not Ubisoft’s UPlay platform) will be unaffected, when applicable. Assassin’s Creed III and Far Cry 3 are also available on PC in remastered re-releases that will not be affected by this server shutdown (though the remastered “Classic Edition” of Far Cry 3 is currently unavailable for purchase from Ubisoft’s own website).

A notable addition to all of this is that the full version of Assassin’s Creed Liberation HD was on sale merely days ago on Steam’s Summer Sale, but that title is going to disappear from Steam entirely on September 1st as well. Read that again. The public bought a game title on Steam for 75% off, thinking it was a great deal, only to subsequently learn that they have 60 days to play the damned thing before it becomes unplayable.

This is not tenable. The consumer can only be jerked around so much before a clapback occurs and losing purchased assets based on the whim of the company that sold them isn’t going to be tolerated forever. And while I’m loath to be one of the “there should be a law!” guys, well, there should be legal ramifications for this sort of thing. There are other options out there that would not remove purchased items from people, be it local installations, allowing fans in the public to host their own servers, etc.

Instead, Ubisoft appears to be joining a list of companies that believes it can sell you something and then take it away, all while including that same something in some bundled release afterwards.

Source: Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’ | Techdirt

Google files a lawsuit that could kick Tinder out of the Play Store because Match refuses to pay illegally forced fees

Google has counter-sued Match seeking monetary damages and a judgement that would let it kick Tinder and the group’s other dating apps out of the Play Store, Bloomberg has reported. Earlier this year, Match sued Google alleging antitrust violations over a decision requiring all Android developers to process “digital goods and services” payments through the Play Store billing system.

Following the initial lawsuit in May, Google and Match reached a temporary agreement allowing Match to remain on the Play Store and use its own payments system. Google also agreed to make a “good faith” effort to address Match’s billing concerns. Match, in turn, was to make an effort to offer Google’s billing system as an alternative.

However, Google parent Alphabet claims that Match Group now wants to pay “nothing at all” to Google, avoiding its 15 to 30 percent Play Store fees entirely, according to a court filing. “Match Group never intended to comply with the contractual terms to which it agreed… it would also place Match Group in an advantaged position relative to other app developers,” the document states.

Match group said that Google’s Play Store policies violate federal and state laws. “Google doesn’t want anyone else to sue them so their counterclaims are designed as a warning shot,” Match told Bloomberg in a statement. “We are confident that our suit, alongside other developers, the US Department of Justice and 37 state attorneys general making similar claims, will be resolved in our favor early next year.”

Match is referring to an antitrust action launched last year by States and the federal government probing Google’s Play Store fees. Shortly before that, Google dropped its fee on app developer revenue to 15 percent on the first $1 million, and 30 percent after that. At the same time, it announced it would enforce a policy requiring all developers to process payments through the Play Store’s billing system. Earlier this year, a Senate bill moved forward targeting in-app payments in both Google and Apple’s stores.

Source: Google files a lawsuit that could kick Tinder out of the Play Store | Engadget

Greedy bastards at Google – nope, you can’t force a marketplace on people and you can’t force these fees on them either.

BMW Heated Seats Subscription Is Real And It Costs $18 Per Month. Also heated steering wheel, paid separately. In a car you own and paid for the heated seats and wheel.

[…]

On its ConnectedDrive Store in South Korea, BMW owners can pay a monthly fee to have a creature comfort such as heated seats. It costs ₩24,000 or approximately $18 at current exchange rates. Alternatively, you can get a one-year plan for $176 or a three-year subscription for $283.

The BMW ConnectedDrive Store is a portal used by existing owners to download a variety of apps. It’s all done over the air, without having to visit a dealer to have the new software installed. With heated seats, the German luxury brand is kind enough to provide a one-month test period free of charge. Should you want the feature permanently, that’ll set you back $406.

A similar subscription plan is offered for a heated steering wheel and it costs $10 per month, $92 annually, and $161 for three years. You can also buy it outright for $222. Do you want wireless Apple CarPlay? That’ll be $305. The store also allows BMW customers to upgrade the headlights to include a high-beam assistant, additional safety systems, and the camera-based Driver Recorder.

One of the most unusual items found in the BMW ConnectedDrive Store is called IconicSounds Sport. It essentially plays fake engine noises through the car’s speakers should you be willing to pay $138 to have the feature permanently. There are no monthly or yearly subscription plans available for this “feature.”

[…]

We can already imagine a smartphone-like jailbreak to unlock these goodies without having to pay the automaker. Doing so will likely result in voiding the warranty after taking down the automaker’s paywall. Even if someone is willing to wait until the warranty expires, chances are that person will hack the car the very next day to “download” all the available features.

Of course, this isn’t something new as upgrades through the OBD port have been around for many years, especially for VAG products.

Source: BMW Heated Seats Subscription Is Real And It Costs $18 Per Month

Wait, so you actually already paid for these features when you bought the car but to use them you have to keep paying?

As for the hacks, you can change the actual sound output here: Engine Sound Setting Coding Tutorial w/ Bimmercode

You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store

We have done many, many posts explaining how, unfortunately, it seems the idea of a person owning the things they’ve bought has become rather passe. While in the age of antiquity, which existed entire tens of years ago, you used to be able to own things, these days you merely license them under Ts and Cs that are either largely ignored and clicked through or that are indecipherable, written in the otherwise lost language known as “Lawyer-ese”. The end result is a public that buys things, thinks they retain ownership over them, only to find out that the provider of the things alters them, limits their use, or simply erases them from being.

Take anyone who bought a movie distributed by StudioCanal in Germany and Austria through Sony’s Playstation store, for instance. Sony previously had a deal to make those movie titles available in its store, but declined to continue offering movies and shows in 2021, stating that streaming services had made the deal un-competitive.

Sony’s PlayStation group stopped offering movie and TV show purchases and rentals, as of Aug. 31, 2021, citing the rise of streaming-video services. At the time, Sony assured customers that they “can still access movie and TV content they have purchased through PlayStation Store for on-demand playback on their PS4, PS5 and mobile devices.”

And when Sony said that, it apparently forgot to add two very important words to its statement: “for now.” Instead, Sony decided to drop the bomb with yet another statement regarding StudioCanal content in Germany and Austria. It essentially amounts to: hey fuckers, that shit you bought is about to disappear, mmkay bye.

“As of August 31, 2022, due to our evolving licensing agreements with content providers, you will no longer be able to view your previously purchased Studio Canal content and it will be removed from your video library,” the notices read. “We greatly appreciate your continued support.”

Poof, it’s gone! That remark about appreciating the public’s “continued support” seems more like begging than acknowledging reality. Especially once you start asking the questions that immediately leap to mind.

For example: will customers get a refund for the movies that they bought and now can’t access? As per the source article “it’s unclear”, which likely means “hahahahaha nope.” How many movies were delisted? Literally hundreds. Are these just small-time movies? Nope, they include AAA titles like The Hunger Games and John Wick.

And so a whole bunch of people are going to find out that they didn’t buy anything, they rented some movies for a previously indefinite period of time that just became definite, long after the purchase was made. It’s hard to imagine something more anti-consumer than that.

Source: You Don’t Own What You’ve Bought: Sony Removes 100s Of Movies Bought Through PS Store | Techdirt

Amazon offers to share data, boost rivals to dodge EU antitrust fines

Amazon (AMZN.O) has offered to share marketplace data with sellers and boost the visibility of rival products on its platform, trying to persuade EU antitrust regulators to close their investigations without a fine by the end of the year, people familiar with the matter said.

The world’s largest online retailer is hoping its concessions will stave off a potential European Union fine that could be as much as 10% of its global turnover, Reuters reported last year.

The European Commission in 2020 charged Amazon with using its size, power and data to push its own products and gain an unfair advantage over rival merchants that sell on its online platform.

It also launched an investigation into Amazon’s possible preferential treatment of its own retail offers and those of marketplace sellers that use its logistics and delivery services.

Amazon’s process for choosing which retailer appears in the “buy box” on its website and which generates the bulk of its sales also came under the spotlight.

Amazon has now proposed to allow sellers access to some marketplace data while its commercial arm will not be able to use seller data collected by its retail unit, the people said.

The company will also create a second buy box for rival products in the event an Amazon product appears in the first buy box, the people said.

[…]

Source: Amazon offers to share data, boost rivals to dodge EU antitrust fines | Reuters

No way that this is enough. A marketplace owner has no business offering products on their own marketplace at all. That’s always going to be unfair competition. It also fails to address many of the other monopoly problems, like forcing sellers to exclusively use Amazon or downgrading their search results, forcing sellers to use the Amazon delivery options as well as forcing other delivery parties out of business by delivering under cost price.

European Union passes landmark laws to rein in big tech, but worries about enforcement

[…]

the European Union has passed a pair of landmark bills designed to rein in Big Tech’s power. The Digital Markets Act and Digital Services Act are intended to promote fairer competition, improve privacy protection, as well as banning both the use of some of the more egregious forms of targeted advertising and misleading practices.

The Digital Services Act, for instance, focuses on online platforms like Facebook, Amazon and Google. They will be tasked with being more proactive both with content moderation and also to prevent the sale of illegal or unsafe goods being sold on their platforms. Users will also be able to learn how and why an algorithm recommended them a certain piece of content, and to challenge any moderation decision that was made algorithmically. Finally, companies will no longer be able to use sensitive personal data for ad-targeting, sell ads to children, or use dark patterns — deceptive page design that can manipulate you into saying yes to something even when you’d much rather say no, such as joining a service or preventing you from leaving one you no longer wish to use.

These obligations operate on a sliding scale, and so the largest platforms will have the greatest obligations placed upon them. Platforms with 45 million or more monthly users will be subject to independent auditing to ensure they are preventing fake news and illegal content. Those platforms will also have to open up their algorithms and data to (approved) researchers to enable them to study the effects, and potential harm, the systems can cause.

The Digital Markets Act, meanwhile, is more focused on preventing dominant platform holders, like Google, Microsoft and Apple, from abusing their scale. This includes offering better interoperability with smaller, rival services, ensuring files can be sent between systems. There is also a large carve-out for app storefronts, with developers now entitled to contact their customers about deals without going via the platform holder in question. And platform holders will no longer be able to give their systems favorable treatment, such as when Google promoted its own shopping service over that of rivals.

The EU has given both bills plenty of teeth, and can dole out a maximum penalty of 10 percent of its total worldwide turnover from the previous year, should regulators find non-compliance. This figure will, however, jump to 20 percent of worldwide turnover if officials find “repeated non-compliance.” That’s a hefty figure big enough that not even Apple would be able to stomach losing on a regular basis. Although, as with GDPR regulation, the EU still has questions to answer about how much effort, time and money it’s prepared to put behind a body to monitor big tech.

Now that they have been passed, the Digital Services Act will come into force by 1st January 2024 (unless some procedural stuff delays it) while the Digital Markets Act will come into force at some point soon after, and major platforms — dubbed “Gatekeepers” — will have a further six months to get their houses in order before the new rules apply to them.

Source: European Union passes landmark laws to rein in big tech | Engadget

The European Commission has set up a taskforce, with about 80 officials expected to join up, which critics say is inadequate. Last month it put out a 12 million euro ($12.3 million) tender for experts to help in investigations and compliance enforcement over a four-year period.

EU industry chief Thierry Breton sought to address enforcement concerns, saying various teams would focus on different issues such as risk assessments, interoperability of messenger services and data access during implementation of the rules.

Regulators will also set up a European Centre for Algorithmic Transparency to attract data science and algorithm scientists to help with enforcement.

“We have started to gear the internal organisation to this new role, including by shifting existing resources, and we also expect to ramp up recruitment next year and in 2024 to staff the dedicated DG CONNECT team with over 100 full time staff,” Breton said in a blogpost.

[…]

“We raised the alarm last week with other civil society groups that if the Commission does not hire the experts it needs to monitor Big Tech’s practices in the market, the legislation could be hamstrung by ineffective enforcement,” BEUC Deputy Director General Ursula Pachl said in a statement.

The DMA is set to force changes in companies’ businesses, requiring them to make their messaging services interoperable and provide business users access to their data.

Business users would be able to promote competing products and services on a platform and reach deals with customers off the platforms.

Companies will not be allowed to favour their own services over rivals’ or prevent users from removing pre-installed software or apps, two rules that will hit Google and Apple hard.

The DSA bans targeted advertising aimed at children or based on sensitive data such as religion, gender, race and political opinions. Dark patterns, which are tactics that mislead people into giving personal data to companies online, will also be prohibited.

Source: EU lawmakers pass landmark tech rules, but enforcement a worry

Scaling the cost of government programs using a cost-per-person price tag improves comprehension by the general public

Government policies often are presented with hefty price tags, but people often zone out as more zeros are added to the total cost. A new study from Carnegie Mellon University suggests that rescaling the cost of programs can increase a person’s understanding of funding choices, which may improve how people participate in the policy debate. The results are available in the July issue of the journal Proceedings of the National Academy of Sciences.

[…]

In the first study, 392 participants evaluated four statements about possible U.S. COVID-19 relief packages. The participants evaluated content presented on a total price-per-program ($100 billion versus $2 trillion) or as price-per-person ($1,200 versus $24,000). Both pairs of statements were scaled to a 20:1 ratio. The researchers found the participants had an easier time differentiating between high and low cost when it was presented with the price-per-person option.

“With a simple manipulation rescaling big numbers into smaller numbers, people can understand this information better,”

[…]

In the second study, 401 participants ranked eight programs that had previously been presented with a price-per-program or price-per-person cost. The results confirm the team’s hypothesis that participants were more successful at comprehending the price-per-person cost. To follow on this study, the team presented 399 participants with similar information but scaled the total expenditures using an unfamiliar unit. They found the price-per-person cost offered greater comprehension. These results suggest that by simply rescaling large numbers and transforming them into smaller ones people can digest information more effectively.

“Surprisingly, we rescaled the information using an arbitrary unit [other than a per capita], and we still see the same effect,” said Boyce-Jacino. “People are better at discriminating among smaller numbers.”

Finally, the team presented 399 participants with eight program pairs. Four of the pairs had the same characteristics except for cost. The other four had variations in program characteristics to evaluate beyond price. For all eight scenarios, the program price tag was presented as either price-per-program or price-per-person. The researchers found the participants were more likely to select the least expensive program when cost was presented using the price-per-person format.

Most surprising to the research team was how the numbers scaled. Unlike past research that assumed a log scale in the scaling of large numbers, they found that people were more sensitive to small numbers than to large ones even when the ratio was held constant at 20 to 1.

“The ratio suggests numerical representation is more curved than a log function,” said Chapman. “It contrasts with previous theoretical perspective, but it remains in the same ballpark.”

[…]

“People are bad at processing and understanding big numbers,” said Chapman. “If your goal is to help people be good citizens and savvy evaluators of how tax dollars are spent, scale numbers that place them in range that people can appreciate.”



More information: Large numbers cause magnitude neglect: The case of government expenditures, Proceedings of the National Academy of Sciences (2022). doi.org/10.1073/pnas.2203037119

Source: Scaling the cost of government programs using a cost-per-person price tag improves comprehension by the general public

DeGiro online broker fined EUR 2 million for failing to report unusual transactions

On 23 December 2021, the Netherlands Authority for the Financial Markets (AFM) appears to have imposed an administrative fine of 2 million euros on DeGiro, part of the German company flatexDEGIRO Bank AG (FlatexDeGiro), because the online broker reported unusual transactions too late and incorrectly to the Financial Intelligence Unit – Netherlands (FIU).

DeGiro did this late in 27 cases and an incorrect transaction date was reported in ten cases. Unusual transactions may indicate money laundering by investors.

Investment firms, such as DeGiro, are required to report unusual transactions to the FIU. DeGiro made a total of 36 reports from mid-2019 to mid-2020. The majority of those reports came in too late, sometimes a few months after the legal deadline.

The transaction date was also incorrect for almost one in three. In doing so, DeGiro violated the Money Laundering and Terrorist Financing Prevention Act (Wwft). Because DeGiro was absorbed into FlatexDeGiro through a legal merger in May 2021, the fine is imposed on that company.

Source: Fikse boete voor onlinebroker DeGiro – Emerce (original in Dutch)

Coinbase Is Selling Data on Crypto and ‘Geotracking’ to ICE

Coinbase Tracer, the analytics arm of the cryptocurrency exchange Coinbase, has signed a contract with U.S. Immigrations and Customs Enforcement that would allow the agency access to a variety of features and data caches, including “historical geo tracking data.”

Coinbase Tracer, according to the website, is for governments, crypto businesses, and financial institutions. It allows these clients the ability to trace transactions within the blockchain. It is also used to “investigate illicit activities including money laundering and terrorist financing” and “screen risky crypto transactions to ensure regulatory compliance.”

The deal was originally signed in September 2021, but the contract was only now obtained by watchdog group Tech Inquiry. The deal was made for a maximum amount of $1.37 million, and we knew at the time that this was a three-year contract for Coinbase’s analytic software. The now revealed contract allows us to look more into what this deal entails.

This deal will allow ICE to track transactions made through twelve different currencies, including Ethereum, Tether, and Bitcoin. Other features include “Transaction demixing and shielded transaction analysis,” which appears to be aimed at preventing users from laundering funds or hiding transactions. Another feature is the ability to “Multi-hop link analysis for incoming and outgoing funds” which would give ICE insight into the transfer of the currencies. The most mysterious one is access to “historical geo tracking data,” and ICE gave a little insight into how this tool may be used.

[…]

Source: Coinbase Is Selling Data on Crypto and ‘Geotracking’ to ICE

‘Cryptoqueen’ On FBI’s Most Wanted List – on the run with $2.5 billion ponzi-ing suckers

FBI officials and federal prosecutors announced Ignatova’s new designation in a press conference Thursday. Ignatova was charged in 2019 with wire fraud, securities fraud, and conspiracy to commit money laundering for her part in the OneCoin crypto company that prosecutors alleged was just a ponzi scheme.

Michael Driscoll, the FBI’s assistant director-in-charge for New York, declined to answer Reuters’ questions whether they had any leads, but said Ignatova “left with a tremendous amount of cash,” adding, “money can buy a lot of friends.”

Ignatova was part of a Bulgaria-based crypto company called OneCoin. The company claimed they were performing a regular crypto mining operation—generating new tokens added to a blockchain—and pumped out $3.78 billion in revenue from the end of 2014 to the middle of 2016. But despite the upward momentum, investigators from the U.S. Department of Justice reported that OneCoin’s value was rigged internally, that the coins were essentially worthless, and users could not even trace ownership of the coins. The DOJ alleged those at the head of the company made nearly $2.5 billion in profit that they squirreled away in company bank accounts.

Damian Williams, the U.S. attorney for the Southern District of New York, told reporters Ignatova capitalized “on the frenzied speculation of the early days of cryptocurrency.”

In an FBI-provided video of Ignatova speaking at a London company event dated June 2016, Ignatova boasted about her two million active users, adding “no other cryptocurrency has as many users as we do.”

Bloomberg reported that after Ignatova grew suspicious that the feds were onto her, she fled to Greece and then investigators lost track of her.

In 2019, the U.S. unsealed an indictment against Ignatova, charging her with the previously mentioned litany of financial crimes. That same year, Konstantin Ignatova, one of OneCoin’s founders and Ruja’s brother, was charged with conspiracy to commit wire fraud. Konstantin managed to get a plea deal, and though his sentencing was set for May 13, his attorneys adjourned the date for 90 days so he could further cooperate with authorities.

The Cryptoqueen has evaded police custody and remains at large to this day. So, the FBI says it’ll pay up to a $100,000 reward for any info that leads to an arrest.

[…]

Source: ‘Cryptoqueen’ Lands a Spot On the FBI’s Most Wanted List

No anti money laundering Checks For Most Transfers To Unhosted Crypto Wallets, EU Policymakers Decide

The European Union (EU) finally agreed on landmark anti-money laundering rules for crypto transactions Wednesday, despite industry concerns over the law harming privacy and innovation.

The final proposals will mean customer identity needs to be verified for even the smallest crypto transfers, if it’s between two regulated digital wallet providers – but payments to unhosted private wallets will largely be left out of laundering checks.

[…]

EU lawmaker Ondřej Kovařík confirmed the provisional deal in a tweet, saying that it “strikes the right balance in mitigating risks for fighting money laundering in the crypto sector without preventing innovation and overburdening businesses.”

[…]

Kovařík said those unhosted wallet rules would only apply when transfers were made to a person’s own private wallet, and only when the value was over 1,000 euros ($1,052). A further source briefed on talks has confirmed those details.

Ernest Urtasun, a member of the European Greens party, who jointly led parliament’s negotiations on the law, tweeted that the rules were “putting an end to the wild west of unregulated crypto, closing major loopholes in the European anti-money laundering rules.”

Urtasun confirmed that the final deal would mean that, for transactions between regulated wallets, customer identity details have to be recorded for even the smallest transaction. That makes crypto rules unlike those for the conventional banking sector, which only catch those worth over 1,000 euros.

Lawmakers and governments overturned European Commission plans to exempt small transactions, arguing that price volatility and the ability to break up payments into smaller chunks would make it unworkable for crypto.

[…]

Source: No AML Checks For Most Transfers To Unhosted Crypto Wallets, EU Policymakers Decide

Apple’s insider trading prevention guy pleads guilty to … insider trading

One of Apple’s most senior legal executives, whom the iGiant trusted to prevent insider trading, has admitted to insider trading.

Gene Levoff pleaded guilty to six counts of security fraud stemming from a February 2019 complaint, according to an announcement from the US Department of Justice on Thursday.

Levoff used non-public information about Apple’s financial results to inform his trades on Apple stock, earning himself $227,000 and avoiding $377,000 of losses. He was able to access the information as he served as co-chairman of Apple’s Disclosure Committee, which reviewed the company’s quarterly draft, annual report and Securities and Exchange Commission (SEC) filings.

Levoff’s biggest trade was the sale of $10 million of his own Apple stock in July 2015 – a deal that almost depleted his entire holding and came just before Apple announced worse results than the market anticipated. According to the SEC, this saved him $345,000 in losses.

[…]

He did try (and fail) to have the case overthrown last year, by arguing there was no specific criminal law barring insider trading.

Levoff’s sentencing is scheduled for November. He faces up to 20 years in prison per count and a $5 million fine.

Source: Apple’s insider trading prevention guy pleads guilty to that • The Register

Google to pay $90m to settle Play Store lawsuit

Google is to pay $90 million to settle a class-action lawsuit with US developers over alleged anti-competitive behavior regarding the Google Play Store.

Eligible for a share in the $90 million fund are US developers who earned two million dollars or less in annual revenue through Google Play between 2016 and 2021. “A vast majority of US developers who earned revenue through Google Play will be eligible to receive money from this fund,” said Google.

Law firm Hagens Berman announced the settlement this morning, having been one of the first to file a class case. The legal firm was one of four that secured a $100 million settlement from Apple in 2021 for US iOS developers.

The accusations that will be settled are depressingly familiar – attorneys had alleged that Google excluded competing app stores from its platform and that the search giant charged app developers eye-watering fees.

Google said it “and a group of US developers have reached a proposed settlement that allows both parties to move forward and avoids years of uncertain and distracting litigation.”

If the court gives the go-ahead, developers that qualify will be notified.

As well as the settlement [PDF], Google has promised changes to Android 12 to make it easier for other app stores to be used on devices and to revise its Developer Distribution Agreement to clarify that developers can use contact information obtained in-app to direct users to offers on a rival app store or the developer’s own site.

The lawsuit goes back to 2020, when Hagens Berman and Sperling & Slater filed in the US District Court for the Northern District of California. Back then, much was made of a default 30 percent commission levied by Google on Play Store app purchases and in-app transactions. Google currently has a tiered model, implemented in 2021, where the first $1 million in annual revenue was subject to a reduced 15 per cent, but it appears this has been insufficient to keep the lawyers at bay.

Source: Google to pay $90m to settle Play Store lawsuit • The Register

Too Little, Too Late, WTO Finally Eases Patent Rights On COVID Vaccines

In what definitely feels like a case of way too little, way too late, the WTO last week finally decided to grant the TRIPS waiver on COVID vaccines, allowing others to make more of the vaccine without violating patent rights. The WTO has long had this ability to issue a patent waiver as part of its Trade-Related Aspects of Intellectual Property Rights (TRIPS) agreement. The idea is that in an emergency, when patents or copyrights are getting in the way of real harm, the WTO can say “hey, let’s grant a waiver to save people.”

You would think that a global pandemic where people are dying would be an obvious time to use such a waiver grant, but that’s because you’re not an obnoxious IP maximalist who cares more about their precious monopoly rents than the health and safety of the global populace. The big pharma and medical device companies freaked out about the possibility of a waiver, and even worse, Hollywood also flipped out about it, with their typical worry that any proof that removing an intellectual monopoly might be good for the world cannot be allowed.

It took forever, but in May of last year (already a year and a half into the pandemic), the US agreed to support the TRIPS waiver. This caused much gnashing of teeth among the maximalists, and then it still took over a year before this agreement was reached, and of course, now it’s both greatly watered down, and very much too late to make much of a difference. But kudos Hollywood and pharma lobbyists. You let thousands of people die, but you sure protected your IP. Good work!

But experts said the proposal was weakened significantly over months of negotiations. They said they did not expect the final agreement to encourage manufacturers in developing countries to start producing Covid vaccines, in part because it does not address the trade secrets and manufacturing know-how that many producers would need.

Even worse, the agreement is limited just to vaccines, and does not apply to either testing or therapeutics.

[…]

Source: Too Little, Too Late, WTO Finally Eases Patent Rights On COVID Vaccines | Techdirt

Popular blockchains can be centralised fairly easily | Trail of Bits study funded by DARPA

[…] Over the past year, Trail of Bits was engaged by the Defense Advanced Research Projects Agency (DARPA) to examine the fundamental properties of blockchains and the cybersecurity risks associated with them. DARPA wanted to understand those security assumptions and determine to what degree blockchains are actually decentralized.

[…]

The report also contains links to the substantial supporting and analytical materials. Our findings are reproducible, and our research is open-source and freely distributable. So you can dig in for yourself.

Key findings

  • Blockchain immutability can be broken not by exploiting cryptographic vulnerabilities, but instead by subverting the properties of a blockchain’s implementations, networking, and consensus protocols. We show that a subset of participants can garner undue, centralized control over the entire system:
    • While the encryption used within cryptocurrencies is for all intents and purposes secure, it does not guarantee security, as touted by proponents.
    • Bitcoin traffic is unencrypted; any third party on the network route between nodes (e.g., internet service providers, Wi-Fi access point operators, or governments) can observe and choose to drop any messages they wish.
    • Tor is now the largest network provider in Bitcoin; just about 55% of Bitcoin nodes were addressable only via Tor (as of March 2022). A malicious Tor exit node can modify or drop traffic.
  • More than one in five Bitcoin nodes are running an old version of the Bitcoin core client that is known to be vulnerable.
  • The number of entities sufficient to disrupt a blockchain is relatively low: four for Bitcoin, two for Ethereum, and less than a dozen for most proof-of-stake networks.
  • When nodes have an out-of-date or incorrect view of the network, this lowers the percentage of the hashrate necessary to execute a standard 51% attack. During the first half of 2021, the actual cost of a 51% attack on Bitcoin was closer to 49% of the hashrate—and this can be lowered substantially through network delays.
  • For a blockchain to be optimally distributed, there must be a so-called Sybil cost. There is currently no known way to implement Sybil costs in a permissionless blockchain like Bitcoin or Ethereum without employing a centralized trusted third party (TTP). Until a mechanism for enforcing Sybil costs without a TTP is discovered, it will be almost impossible for permissionless blockchains to achieve satisfactory decentralization.

Novel research within the report

  • Analysis of the Bitcoin consensus network and network topology
  • Updated analysis of the effect of software delays on the hashrate required to exploit blockchains (we did not devise the theory, but we applied it to the latest data)
  • Calculation of the Nakamoto coefficient for proof-of-stake blockchains (once again, the theory was already known, but we applied it to the latest data)
  • Analysis of software centrality
  • Analysis of Ethereum smart contract similarity
  • Analysis of mining pool protocols, software, and authentication
  • Combining the survey of sources (both academic and anecdotal) that support our thesis that there is a lack of decentralization in blockchains
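The Nakamoto coefficient mentioned above (the minimum number of entities whose combined hashrate or stake can disrupt the chain) can be computed from a share distribution as in the following added example. This is not Trail of Bits' code: the pool names, the pool-to-entity mapping and the share values are constructed, and the 1/2 and 1/3 thresholds are assumptions chosen to illustrate a majority attack and a BFT-style liveness failure. The entity-level aggregation is the part that matters for the report's point that a few entities, not a few nodes, are enough.

```python
"""Nakamoto coefficient: the minimum number of distinct entities whose
combined share of a consensus resource (hashrate or stake) exceeds the
threshold needed to disrupt the chain. The thresholds used below are
assumptions: 1/2 for a majority ("51%") attack on proof-of-work, 1/3 for
stalling finality on a BFT-style proof-of-stake network."""
from collections import defaultdict

MAJORITY = 0.5       # assumed: share that must be exceeded for a 51% attack
BFT_THIRD = 1.0 / 3  # assumed: share that must be exceeded to halt BFT finality

# Constructed sample: (pool or validator label, controlling entity, share).
# The pool-to-entity mapping is the part an analyst has to establish from
# external evidence; here it is invented, with entity-1 running two pools.
CONSTRUCTED_POOLS = [
    ("pool-a", "entity-1", 0.17),
    ("pool-b", "entity-2", 0.16),
    ("pool-c", "entity-3", 0.15),
    ("pool-d", "entity-1", 0.13),  # second pool of the same operator
    ("pool-e", "entity-4", 0.12),
    ("pool-f", "entity-5", 0.10),
    ("pool-g", "entity-6", 0.08),
    ("pool-h", "entity-7", 0.05),
    ("pool-i", "entity-8", 0.04),
]


def shares_by_entity(records):
    """Sum the shares of every pool/validator under its controlling entity."""
    totals = defaultdict(float)
    for label, entity, share in records:
        if share < 0:
            raise ValueError(f"negative share for {label}")
        totals[entity] += share
    return dict(totals)


def shares_by_label(records):
    """Naive view: treat every pool/validator as an independent entity."""
    return {label: share for label, _entity, share in records}


def nakamoto_coefficient(shares, threshold):
    """Smallest number of entities whose combined share exceeds threshold.

    Shares are normalised by their sum, so raw hashrate (e.g. EH/s) or raw
    stake amounts can be passed directly. Returns None when no subset
    reaches the threshold (empty input or threshold >= 1)."""
    total = sum(shares.values())
    if total <= 0:
        return None
    cumulative = 0.0
    for count, share in enumerate(sorted(shares.values(), reverse=True), 1):
        cumulative += share / total
        if cumulative > threshold:
            return count
    return None


def decentralization_report(records):
    """Compare the naive (per-pool) and entity-level coefficients."""
    naive = shares_by_label(records)
    merged = shares_by_entity(records)
    return {
        "majority_naive": nakamoto_coefficient(naive, MAJORITY),
        "majority_entities": nakamoto_coefficient(merged, MAJORITY),
        "third_naive": nakamoto_coefficient(naive, BFT_THIRD),
        "third_entities": nakamoto_coefficient(merged, BFT_THIRD),
    }


if __name__ == "__main__":
    for key, value in decentralization_report(CONSTRUCTED_POOLS).items():
        print(f"{key}: {value}")
```

On the constructed data the per-pool view reports four pools for a majority and three for a third, while grouping pools by operator drops those to three and two, which is why the report counts entities rather than nodes.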

The research to which this blog post refers was conducted by Trail of Bits based upon work supported by DARPA under Contract No. HR001120C0084 (Distribution Statement A, Approved for Public Release: Distribution Unlimited). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Government or DARPA.

[…]

Source: Are blockchains decentralized? | Trail of Bits Blog