Josh Jones' Crypto Stolen By Hamilton Teen: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/joshjonescryptostolenbyhamiltonteen.php}} | {{Imported Case Study 2|source=https://www.quadrigainitiative.com/casestudy/joshjonescryptostolenbyhamiltonteen.php}} | ||
{{Unattributed | {{Unattributed Sources}} | ||
Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered. | Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered. | ||
This exchange or platform is based in United States, or the incident targeted people primarily in United States. | This exchange or platform is based in United States, or the incident targeted people primarily in United States.<ref name="cp24-4655" /><ref name="winnipegcitynews-4656" /><ref name="torontosun-4657" /><ref name="thespec-4658" /><ref name="dailymail-4659" /><ref name="radiocanada-4660" /><ref name="fullycrypto-4661" /><ref name="reddit-4662" /><ref name="reveddit-4663" /><ref name="thecanadiannews-4664" /><ref name="newsghana-4665" /><ref name="cryptonomist-4666" /><ref name="jackofalltechs-7852" /> | ||
<ref name="cp24-4655" /><ref name="winnipegcitynews-4656" /><ref name="torontosun-4657" /><ref name="thespec-4658" /><ref name="dailymail-4659" /><ref name="radiocanada-4660" /><ref name="fullycrypto-4661" /><ref name="reddit-4662" /><ref name="reveddit-4663" /><ref name="thecanadiannews-4664" /><ref name="newsghana-4665" /><ref name="cryptonomist-4666" /><ref name="jackofalltechs-7852" /> | |||
== About Unknown == | == About Unknown == | ||
| Line 81: | Line 80: | ||
!Description | !Description | ||
|- | |- | ||
|February 15th, 2020 | |February 15th, 2020 | ||
|Main Event | |Main Event | ||
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | |Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. | ||
| Line 89: | Line 88: | ||
| | | | ||
|} | |} | ||
== Technical Details == | |||
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited? | |||
== Total Amount Lost == | == Total Amount Lost == | ||
| Line 108: | Line 110: | ||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== General Prevention Policies == | |||
Cell phone providers are not generally very secure, and can often be used to get back into email or reset passwords. It's not really two-factor if the single factor (your phone number) can be used to recover or bypass all the other factors. You need to use a device which is physically different for the second factor. It's a good idea to have as many factors as a platform will let you, and platforms should allow for more than just two factors. | |||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Regulatory Prevention Policies == | |||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
<references><ref name="cp24-4655">[https://www.cp24.com/news/hamilton-teen-accused-of-stealing-46m-worth-of-cryptocurrency-buying-rare-online-gaming-name-1.5669961 Ontario teen allegedly stole $46 million in cryptocurrency from one person in the U.S.: police | CP24.com] (Dec | <references><ref name="cp24-4655">[https://www.cp24.com/news/hamilton-teen-accused-of-stealing-46m-worth-of-cryptocurrency-buying-rare-online-gaming-name-1.5669961 Ontario teen allegedly stole $46 million in cryptocurrency from one person in the U.S.: police | CP24.com] (Dec 4, 2021)</ref> | ||
<ref name="winnipegcitynews-4656">[https://winnipeg.citynews.ca/2021/11/17/hamilton-police-arrest-teen-cryptocurrency/ CityNews] (Dec | <ref name="winnipegcitynews-4656">[https://winnipeg.citynews.ca/2021/11/17/hamilton-police-arrest-teen-cryptocurrency/ CityNews] (Dec 21, 2021)</ref> | ||
<ref name="torontosun-4657">[https://torontosun.com/news/local-news/hamilton-teen-busted-in-biggest-ever-46m-cryptocurrency-heist Hamilton teen busted in 'biggest ever' $46M cryptocurrency heist | Toronto Sun] (Dec | <ref name="torontosun-4657">[https://torontosun.com/news/local-news/hamilton-teen-busted-in-biggest-ever-46m-cryptocurrency-heist Hamilton teen busted in 'biggest ever' $46M cryptocurrency heist | Toronto Sun] (Dec 22, 2021)</ref> | ||
<ref name="thespec-4658">[https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html] (Dec | <ref name="thespec-4658">[https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html] (Dec 22, 2021)</ref> | ||
<ref name="dailymail-4659">[https://www.dailymail.co.uk/news/article-10216829/Canada-teen-stole-46million-cryptocurrency-single-person-America.html Canada teen 'stole $46million in cryptocurrency from a single person in America' | Daily Mail Online] (Dec | <ref name="dailymail-4659">[https://www.dailymail.co.uk/news/article-10216829/Canada-teen-stole-46million-cryptocurrency-single-person-America.html Canada teen 'stole $46million in cryptocurrency from a single person in America' | Daily Mail Online] (Dec 22, 2021)</ref> | ||
<ref name="radiocanada-4660">[https://ici.radio-canada.ca/rci/en/news/1840811/hamilton-youth-charged-after-46m-in-cryptocurrency-stolen-from-u-s-resident-was-used-to-get-gaming-username Hamilton youth charged after $46M in cryptocurrency stolen from U.S. resident was used to get gaming username | Radio-Canada.ca] (Dec | <ref name="radiocanada-4660">[https://ici.radio-canada.ca/rci/en/news/1840811/hamilton-youth-charged-after-46m-in-cryptocurrency-stolen-from-u-s-resident-was-used-to-get-gaming-username Hamilton youth charged after $46M in cryptocurrency stolen from U.S. resident was used to get gaming username | Radio-Canada.ca] (Dec 22, 2021)</ref> | ||
<ref name="fullycrypto-4661">[https://fullycrypto.com/crypto-sim-swap-victim-joshua-jones-lost-%E2%82%BF43768-in-mt-gox-hack Crypto Sim Swap Victim Joshua Jones Lost ₿43,768 in Mt. Gox Hack] (Dec | <ref name="fullycrypto-4661">[https://fullycrypto.com/crypto-sim-swap-victim-joshua-jones-lost-%E2%82%BF43768-in-mt-gox-hack Crypto Sim Swap Victim Joshua Jones Lost ₿43,768 in Mt. Gox Hack] (Dec 22, 2021)</ref> | ||
<ref name="reddit-4662">[https://www.reddit.com/r/mtgoxinsolvency/comments/f828oz/founder_of_bitcoin_builder_josh_jones_and_one_of/ Founder of Bitcoin Builder, Josh Jones, and one of mtgox's largest creditors just lost $37 million in a sim hack. : mtgoxinsolvency] (Dec | <ref name="reddit-4662">[https://www.reddit.com/r/mtgoxinsolvency/comments/f828oz/founder_of_bitcoin_builder_josh_jones_and_one_of/ Founder of Bitcoin Builder, Josh Jones, and one of mtgox's largest creditors just lost $37 million in a sim hack. : mtgoxinsolvency] (Dec 22, 2021)</ref> | ||
<ref name="reveddit-4663">[https://www.reveddit.com/v/btc/comments/f7lbae/30m_bch_sim_hack/?ps_after=1582350881 reveddit] (Dec | <ref name="reveddit-4663">[https://www.reveddit.com/v/btc/comments/f7lbae/30m_bch_sim_hack/?ps_after=1582350881 reveddit] (Dec 22, 2021)</ref> | ||
<ref name="thecanadiannews-4664">[https://thecanadian.news/2021/11/23/a-17-year-old-from-hamilton-charged-with-cryptocurrency-theft-of-46-million-allegedly-stolen-from-bitcoin-pioneer/ A 17-Year-Old From Hamilton Charged With Cryptocurrency Theft Of $ 46 Million Allegedly Stolen From Bitcoin Pioneer - The Canadian] (Dec | <ref name="thecanadiannews-4664">[https://thecanadian.news/2021/11/23/a-17-year-old-from-hamilton-charged-with-cryptocurrency-theft-of-46-million-allegedly-stolen-from-bitcoin-pioneer/ A 17-Year-Old From Hamilton Charged With Cryptocurrency Theft Of $ 46 Million Allegedly Stolen From Bitcoin Pioneer - The Canadian] (Dec 22, 2021)</ref> | ||
<ref name="newsghana-4665">[https://newsghana.com.gh/canadian-teen-arrested-for-us36-million-bitcoin-theft/ Canadian teen arrested for US$36 million Bitcoin theft | News Ghana] (Dec | <ref name="newsghana-4665">[https://newsghana.com.gh/canadian-teen-arrested-for-us36-million-bitcoin-theft/ Canadian teen arrested for US$36 million Bitcoin theft | News Ghana] (Dec 22, 2021)</ref> | ||
<ref name="cryptonomist-4666">[https://en.cryptonomist.ch/2020/10/07/josh-jones-bitcoin-house-ceo-playboy/ Josh Jones, the billionaire in Bitcoin buys the house of the CEO of Playboy] (Dec | <ref name="cryptonomist-4666">[https://en.cryptonomist.ch/2020/10/07/josh-jones-bitcoin-house-ceo-playboy/ Josh Jones, the billionaire in Bitcoin buys the house of the CEO of Playboy] (Dec 22, 2021)</ref> | ||
<ref name="jackofalltechs-7852">[https://jackofalltechs.com/2021/11/21/canada-detains-teen-for-alleged-36-million-cryptocurrency-theft/ Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft - JackOfAllTechs.com] (May 31, 2022)</ref></references> | <ref name="jackofalltechs-7852">[https://jackofalltechs.com/2021/11/21/canada-detains-teen-for-alleged-36-million-cryptocurrency-theft/ Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft - JackOfAllTechs.com] (May 31, 2022)</ref></references> | ||
Revision as of 13:29, 1 May 2023
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered.
This exchange or platform is based in United States, or the incident targeted people primarily in United States.[1][2][3][4][5][6][7][8][9][10][11][12][13]
About Unknown
"According to various interviews and profiles, in 1996 [Josh] Jones co-founded DreamHost, a successful web hosting provider, with three fellow undergraduate classmates at Harvey Mudd College, a private college in California. In 2013, he sold his shares in that company, but has been involved in numerous other ventures."
"In 2010 he became one of the earliest investors in Bitcoin and has since amassed a fortune in the cryptocurrency. Other projects include starting an e-publishing business for children’s books, a California-based accelerator and an investment firm. The Bitcoin theft does not appear to have slowed his acquisitions — he recently bought an airline and has a production company that bought the animation rights to the long-running comic Groo the Wanderer."
"In a recent interview on the podcast LA Venture he’s dubbed the “richest, goofiest, most confident yet normal-seeming person.”"
"In the 31-minute episode he explains his “irrational self-confidence” that has led him to invest in companies or ideas that others view as too risky. He almost always believes he’s right, despite naysayers."
“Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,” he says, recalling back to 2010 when he started mining Bitcoin."
"Josh Jones lost $46 million worth in Bitcoin when he was targeted in the SIM swap attack in February 2020, The Spectator has confirmed with multiple sources." "The person carrying out the attack initially gathers as much personal data available to them online to build a picture of their target. With the information to hand, the hacker then tricks the target's mobile phone provider into switching their number over to a SIM car controlled by the attacker."
"According to police, in February of 2020, the suspect—whose name is not being released—hijacked the victim’s phone by manipulating cellular network employees and intercepting two-factor authorization requests. This gave the suspect access to cryptocurrency stored on a wallet in the victim’s phone." The "17-year-old Hamilton boy" "is accused of orchestrating a SIM swap attack to steal $46M in cryptocurrency from a person in the United States."
"Jones first reported the theft to the Los Angeles FBI, who then brought in other U.S. and Canadian agencies as the investigation grew." "The Santa Clara County District Attorney’s Office, in the San Francisco Bay Area, confirmed it became involved after its specialized tech-crime team received tips after news of the theft spread in cryptocurrency circles."
"Hamilton Police began the investigation in March of 2020 and worked with the Federal Bureau of Investigations and the United States Secret Service Electronic Crimes Task Force."
"Rumours about the theft had been circulating online since early 2020 after someone — suspected but not confirmed to be Jones — posted about it on Reddit. That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone."
Police explained in a press release that a swap attack is a “method hijacking valuable accounts by manipulating cellular network employees to duplicate phone numbers so threat actors can intercept two-factor authorization requests.”
“The joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community,.”
“This transaction led investigators to uncover the account holder of the rare username.”
"The suspect was tracked down and arrested for theft over $5,000.00 and possession of property or proceeds of property obtained by crime. This matter is before the courts."
"Hamilton police announced the arrest on Wednesday after a joint investigation with the Federal Bureau of Investigations (FBI) and the United States Secret Service Electronic Crimes Task Force that began in March 2020."
"According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests."
“This is currently the biggest cryptocurrency theft reported from one person,” Hamilton Police said in the press release.
"Det. Const. Kenneth Kirkpatrick told CTV News Toronto that two-factor authentication is key in protecting your investments and funds." "He added that using different passwords for different websites and applications was also crucial."
"Jones has never commented on the theft, including in recent interviews he’s given about his work and investments. He could not be reached for comment."
This exchange or platform is based in United States, or the incident targeted people primarily in United States.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| February 15th, 2020 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $46,000,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
The total amount recovered is unknown.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
Cell phone providers are not generally very secure, and can often be used to get back into email or reset passwords. It's not really two-factor if the single factor (your phone number) can be used to recover or bypass all the other factors. You need to use a device which is physically different for the second factor. It's a good idea to have as many factors as a platform will let you, and platforms should allow for more than just two factors.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Ontario teen allegedly stole $46 million in cryptocurrency from one person in the U.S.: police | CP24.com (Dec 4, 2021)
- ↑ CityNews (Dec 21, 2021)
- ↑ Hamilton teen busted in 'biggest ever' $46M cryptocurrency heist | Toronto Sun (Dec 22, 2021)
- ↑ https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html (Dec 22, 2021)
- ↑ Canada teen 'stole $46million in cryptocurrency from a single person in America' | Daily Mail Online (Dec 22, 2021)
- ↑ Hamilton youth charged after $46M in cryptocurrency stolen from U.S. resident was used to get gaming username | Radio-Canada.ca (Dec 22, 2021)
- ↑ Crypto Sim Swap Victim Joshua Jones Lost ₿43,768 in Mt. Gox Hack (Dec 22, 2021)
- ↑ Founder of Bitcoin Builder, Josh Jones, and one of mtgox's largest creditors just lost $37 million in a sim hack. : mtgoxinsolvency (Dec 22, 2021)
- ↑ reveddit (Dec 22, 2021)
- ↑ A 17-Year-Old From Hamilton Charged With Cryptocurrency Theft Of $ 46 Million Allegedly Stolen From Bitcoin Pioneer - The Canadian (Dec 22, 2021)
- ↑ Canadian teen arrested for US$36 million Bitcoin theft | News Ghana (Dec 22, 2021)
- ↑ Josh Jones, the billionaire in Bitcoin buys the house of the CEO of Playboy (Dec 22, 2021)
- ↑ Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft - JackOfAllTechs.com (May 31, 2022)