$27 200 000 USD

JUNE 2019




"[T]he criminal endeavor involved a "typosquatting" scam in which a "well-known" (but unnamed) online crypto exchange was cloned in order to gain access to victims’ crypto wallet login details and steal funds." "The investigation relates to typosquatting, where a well-known online cryptocurrency exchange was ‘spoofed’ – or recreated to imitate the genuine site - to gain access to victims’ Bitcoin wallets, stealing their funds and login details."


"Typosquatting sees scammers create webpages that fool you into believing they are legitimate by having almost legitimate URLs. If a user is careless or in a hurry it’s all too easy to not notice that you are on a site called example.om rather than example.com, for instance." "The typosquatting fraudsters produced a site that imitated a genuine site to gain entry to their crypto-casualties' Bitcoin wallets to free them of those lovely funds and their login details." "Europol states that the six arrested created a nearly identical website and URL address which imitated a prominent cryptocurrency exchange."


"[The] fake exchange website has managed to steal €24 million (over $27 million) in cryptocurrency from thousands of victims." "[T]he scam is thought to have led to at least 4,000 victims in 12 countries losing bitcoin to the scam, though Europol says the number of known victims are still growing."


"The police investigation began in April 2018, after an individual in Wiltshire contacted UK police to report that they had lost £17,000 worth of Bitcoin. Law enforcement agencies estimate that there are more than four thousand victims in at least 12 countries, amounting to a haul of over €24 million."


“The investigation has grown from a single report of £17k worth of bitcoin stolen from a Wiltshire-based victim to a current estimate of more than four thousand victims in at least 12 countries. We expect that number to grow. As part of today’s operation, we’ve seized a large number of devices, equipment and valuable assets with huge support from our colleagues in Avon and Somerset Police, Wiltshire Police, Tarian and the South East ROCU. Devon and Cornwall and the Metropolitan Police also provided vital help in the form of their two cyber dogs, who played key roles in searching suspects’ homes.”


"This case was referred to the European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol after the British authorities identified possible suspects living in the Netherlands. Operational support delivered by EC3 since February 2018 allowed the J-CAT to coordinate the international cooperation between the different EU Member States involved."


"Europol said in a press release Wednesday that six individuals have now been arrested over the scam in an operation that also involved the UK’s South West Regional Cyber Crime Unit and National Crime Agency, along with Dutch police and Eurojust." "A larger number of electronic devices and equipment were seized at the homes of those arrested, and will now be examined by the UK’s South West Regional Cyber Crime Unit (SW RCCU)."


"Five men and one woman were simultaneously arrested yesterday at their homes in several U.K. locations, as well as Amsterdam and Rotterdam in the Netherlands." "The five men and one woman were arrested in simultaneous warrants this morning at their homes in Charlcombe, Lower Weston and Staverton (UK) and Amsterdam and Rotterdam (the Netherlands)."


"Those apprehended in the UK were arrested on suspicion of committing computer misuse and money laundering offences, while their Dutch counterparts – including a 19-year-old woman in Amsterdam – have been arrested on suspicion of money laundering."

Users of an unnamed popular cryptocurrency exchange platform found themselves tricked into providing their assets to cybercriminals. The criminals set up sites which looked identical to the exchange, and were able to gain login and authentication details, ultimately making off with $27.2m USD of cryptocurrencies. The criminals were later brought to justice.


It's unclear which platform was involved, however that platform could require an email confirmation when users request access from a new IP address, and only grant access if that link is clicked from the same IP as requested access. Keys can be a shared multi-sig between the exchange and the end user to further prevent unauthorized transfers.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.