
The lawsuit alleges that Tether improperly liquidated over 39,500 Bitcoin during Celsius’s 2022 collapse, which violated contractual terms and US bankruptcy law. Celsius claims the fire sale caused billions in losses and accuses Tether of bad faith and fraudulent transfers. Meanwhile, the DOJ charged four North Koreans with infiltrating US and Serbian crypto companies and stealing nearly $1 million to support Pyongyang’s illicit programs. Separately, the US Treasury sanctioned Russia-based Aeza Group and its leadership for providing infrastructure to cybercriminals.

Judge Clears Celsius Lawsuit Against Tether

A US bankruptcy judge ruled that Celsius Network’s multibillion-dollar lawsuit against Tether can proceed and rejected key parts of Tether’s motion to dismiss the case. The lawsuit was filed in New York, and it accuses Tether of improperly liquidating more than 39,500 Bitcoin belonging to Celsius in June of 2022, during the crypto lender’s collapse. Celsius alleges that Tether acted in bad faith by executing a “fire sale” of the collateral at an average price of $20,656—below market value—and applied the proceeds to an $812 million loan without observing a mandatory 10-hour waiting period. The funds were reportedly later moved to Tether’s affiliated Bitfinex accounts.

Judge’s denial of motion to dismiss (Source: CourtListener)

Celsius claims that Tether’s actions breached their lending agreement, violated good faith obligations under British Virgin Islands law, and constituted fraudulent and preferential transfers under US bankruptcy regulations. These allegations are based on the premise that, despite Tether being incorporated in the British Virgin Islands and Hong Kong, the actions in question involved US-based elements, including personnel, communications, and financial accounts. The judge agreed that the case had enough domestic ties, countering Tether’s claim that the lawsuit represented an overreach of US jurisdiction.
Although some claims were dismissed, the court allowed Celsius to move forward with its core allegations of breach of contract and improper transfer of assets. The company argues that the premature liquidation cost it over $4 billion at current Bitcoin prices. Celsius was once a major player in crypto lending, and exited bankruptcy in January of 2024 after 18 months of restructuring. It has since started repaying creditors.

Separately, Tether CEO Paolo Ardoino recently dismissed speculation about the company launching an IPO, despite industry chatter valuing Tether at over $500 billion. Ardoino called such a valuation a “beautiful number” but hinted that it may still undervalue Tether, given its vast reserves in Bitcoin and gold. The company is also building its Bitcoin holdings, including a recent transfer of nearly 37,230 BTC—valued at approximately $3.9 billion—to addresses associated with its majority-owned Twenty One Capital, now the third-largest corporate Bitcoin holder globally.

DOJ Charges 4 North Koreans

In other crypto-related legal news, four North Korean nationals have been charged in Georgia with wire fraud and money laundering after allegedly infiltrating US and Serbian blockchain companies by posing as remote IT workers and stealing nearly $1 million in cryptocurrency. The US Department of Justice (DOJ) named the defendants as Kim Kwang Jin, Kang Tae Bok, Jong Pong Ju, and Chang Nam Il, who used stolen and fake identities to mask their North Korean origins. The group reportedly operated out of the United Arab Emirates in 2019 before securing employment at a blockchain startup in Atlanta and a Serbian virtual token company between late 2020 and mid-2021.

Press release from the US Attorney's Office

According to prosecutors, Kim and Jong submitted fraudulent documents, including counterfeit and stolen IDs, to secure their positions. Once embedded in the companies, they exploited their access to steal funds.
In February of 2022, Jong allegedly diverted $175,000 in crypto assets, and in March of the same year, Kim reportedly manipulated smart contract code to steal an additional $740,000. The proceeds were laundered through crypto mixers and transferred to accounts controlled by Kang and Chang, who used fraudulent Malaysian identities to open the accounts. The DOJ explained that the scheme aimed to bypass international sanctions and funnel money into North Korea’s illicit programs, including its weapons development initiatives. Assistant Attorney General John A. Eisenberg described the operation as a calculated effort to target and exploit US businesses.

This case is part of the DOJ’s DPRK RevGen: Domestic Enabler Initiative, which was launched in 2024 to disrupt North Korea’s global revenue-generating operations. As part of this crackdown, federal agents conducted raids across 16 states, seized nearly 30 financial accounts, over 20 fake websites, and around 200 computers from “laptop farms” that were designed to make North Korean operatives look like US-based workers. The DOJ stated that these elaborate schemes allowed IT workers to gain remote jobs at more than 100 American companies, diverting millions of dollars to Pyongyang and, in some instances, accessing sensitive military data.

Aeza Group Hit with US Sanctions

The US Treasury also recently imposed sanctions on the Russia-based Aeza Group, its leadership, and a connected cryptocurrency wallet for allegedly aiding cybercriminal operations through its bulletproof hosting (BPH) services. According to the Treasury’s Office of Foreign Assets Control (OFAC), Aeza Group provided specialized servers and infrastructure to ransomware groups and info-stealer operators, facilitating campaigns that targeted victims globally.
Among the sanctioned entities are several Russia- and UK-based companies and four Russian nationals who either own or help run Aeza, including CEO Arsenii Aleksandrovich Penzev and general director Yurii Meruzhanovich Bozoyan. OFAC also sanctioned a Tron blockchain wallet tied to Aeza’s payment processor. Blockchain analytics firm Chainalysis said this wallet was used to receive payments for Aeza’s hosting services and to forward funds to cryptocurrency exchanges, which made it difficult to trace customer deposits. The address held around $350,000 in crypto and was also reportedly used for direct payments. TRM Labs added that this wallet is linked to other cybercrime infrastructure and sanctioned entities, including the Russian crypto exchange Garantex.

Sanctioned Tron address (Source: Chainalysis)

Aeza’s services were allegedly used by various threat actors, including the Meduza and Lumma infostealer operations, BianLian ransomware, RedLine info-stealer panels, and the darknet marketplace BlackSprut. OFAC’s action also targeted Aeza’s board of directors, including Penzev, Bozoyan, technical director Vladimir Vyacheslavovich Gast, and part owner Igor Anatolyevich Knyazev, who is said to be managing operations after Penzev and Bozoyan were arrested in Russia over links to illicit online markets.

With these sanctions, any assets in the US linked to Aeza and its executives are now frozen, and US persons are barred from engaging in financial or business dealings with the sanctioned people or entities. The move is part of a global effort to disrupt cybercrime infrastructure. Chainalysis described the sanctions as a key step in dismantling the supply chains that enable large-scale cyberattacks. TRM Labs believes that targeting service providers like Aeza helps reduce the “surface area of abuse” and creates leverage points for law enforcement to disrupt illicit online networks.