Josh Jones' Crypto Stolen By Hamilton Teen: Difference between revisions
No edit summary |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{ | {{Case Study Under Construction}}{{Unattributed Sources}} | ||
{{Unattributed | |||
Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered. | Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered. | ||
This exchange or platform is based in United States, or the incident targeted people primarily in United States. | This exchange or platform is based in United States, or the incident targeted people primarily in United States.<ref name="cp24-4655" /><ref name="winnipegcitynews-4656" /><ref name="torontosun-4657" /><ref name="thespec-4658" /><ref name="dailymail-4659" /><ref name="radiocanada-4660" /><ref name="fullycrypto-4661" /><ref name="reddit-4662" /><ref name="reveddit-4663" /><ref name="thecanadiannews-4664" /><ref name="newsghana-4665" /><ref name="cryptonomist-4666" /><ref name="jackofalltechs-7852" /><ref>https://twitter.com/doveywan/status/1231073856669933569</ref><ref>https://www.thestar.com/ths/news/crime/2022/06/24/hamilton-bitcoin-theft.html</ref><ref>https://newsletter.blockthreat.io/p/blockthreat-week-25-2022 (Accessed Mar 23, 2023)</ref> | ||
<ref name="cp24-4655" /><ref name="winnipegcitynews-4656" /><ref name="torontosun-4657" /><ref name="thespec-4658" /><ref name="dailymail-4659" /><ref name="radiocanada-4660" /><ref name="fullycrypto-4661" /><ref name="reddit-4662" /><ref name="reveddit-4663" /><ref name="thecanadiannews-4664" /><ref name="newsghana-4665" /><ref name="cryptonomist-4666" /><ref name="jackofalltechs-7852" /> | |||
== About | == About Josh Jones == | ||
"According to various interviews and profiles, in 1996 [Josh] Jones co-founded DreamHost, a successful web hosting provider, with three fellow undergraduate classmates at Harvey Mudd College, a private college in California. In 2013, he sold his shares in that company, but has been involved in numerous other ventures." | "According to various interviews and profiles, in 1996 [Josh] Jones co-founded DreamHost, a successful web hosting provider, with three fellow undergraduate classmates at Harvey Mudd College, a private college in California. In 2013, he sold his shares in that company, but has been involved in numerous other ventures." | ||
| Line 18: | Line 16: | ||
“Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,” he says, recalling back to 2010 when he started mining Bitcoin." | “Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,” he says, recalling back to 2010 when he started mining Bitcoin." | ||
" | Josh Jones was an entrepreneur and early adopter of cryptocurrency<ref name=":0">[https://torontolife.com/city/the-case-of-the-missing-46-million/ THE CASE OF THE MISSING $46 MILLION - Toronto Life] (Accessed Apr 3, 2024)</ref>. Jones amassed a significant fortune through ventures like DreamHost and Bitcoin Builder<ref name=":0">[https://torontolife.com/city/the-case-of-the-missing-46-million/ THE CASE OF THE MISSING $46 MILLION - Toronto Life] (Accessed Apr 3, 2024)</ref>. | ||
. The heist was orchestrated by a reclusive teenage hacker from the Greater Toronto Area (GTA), known for his involvement in cybercrime, including SIM swapping and hacking high-profile accounts. Despite efforts by law enforcement, only a fraction of the stolen funds have been recovered, leaving Jones in a precarious position. Meanwhile, the accused hacker faces charges and legal proceedings, highlighting the challenges of prosecuting crypto crimes. | |||
== The Reality == | |||
His openness about his wealth and involvement in the crypto community made him a target for hackers<ref name=":0" />. | |||
Sim swapping is a common vulnerability for cryptocurrency holders. | |||
" | "The person carrying out the attack initially gathers as much personal data available to them online to build a picture of their target. With the information to hand, the hacker then tricks the target's mobile phone provider into switching their number over to a SIM car controlled by the attacker." | ||
Police explained in a press release that a swap attack is a “method hijacking valuable accounts by manipulating cellular network employees to duplicate phone numbers so threat actors can intercept two-factor authorization requests.” | |||
"Det. Const. Kenneth Kirkpatrick told CTV News Toronto that two-factor authentication is key in protecting your investments and funds." "He added that using different passwords for different websites and applications was also crucial." | "Det. Const. Kenneth Kirkpatrick told CTV News Toronto that two-factor authentication is key in protecting your investments and funds." "He added that using different passwords for different websites and applications was also crucial." | ||
== What Happened == | == What Happened == | ||
Josh Jones fell victim to a historic crypto heist, losing $46 million worth of bitcoin and Bitcoin Cash when he was targeted in the SIM swap attack in February 2020 | |||
{| class="wikitable" | {| class="wikitable" | ||
|+Key Event Timeline - Josh Jones' Crypto Stolen By Hamilton Teen | |+Key Event Timeline - Josh Jones' Crypto Stolen By Hamilton Teen | ||
| Line 81: | Line 44: | ||
!Description | !Description | ||
|- | |- | ||
|February | |August 24th, 2019 | ||
| | |Adam Dahlberg Breach Involvement | ||
| | |"chat logs show that, on August 24, 2019, the squad enlisted him to help them hack their next “targ,” as they called their victims: Adam Dahlberg, an American YouTuber and video game streamer better known as Sky Does Minecraft. The Squad would handle his telco while [the hacker]’s job was to get a blank SIM card, put it in a phone and, once they’d gained control of Dahlberg’s number, share the codes that appeared on his screen so they could reset his passwords." | ||
|- | |||
|February 21st, 2020 | |||
|Crypto Heist | |||
|In the evening of February 21st, 2020, Josh Jones reportedly fell victim to the SIM swap attack and had $46m worth of bitcoin and bitcoin cash stolen<ref name=":0" />. | |||
|- | |||
|May 14th, 2020 | |||
|Tectical Team Break-In | |||
|"At dawn on May 14, 2020, a tactical team from the Hamilton Police Service banged on [the hacker]’s door, stating that they had a search warrant. There was no time for [the hacker or his roommate] to answer—police rammed the door in, sending shattered glass across the apartment floor. Then came a stun grenade, loud and blinding. They ordered [his roommate] to lie face down with his hands behind his back. Then they sent in dogs and apprehended [the hacker]. The officers confiscated their electronics and took the young men away." | |||
|- | |- | ||
| | |June 22nd, 2022 9:14:56 AM MDT | ||
| | |Toronto Life Article | ||
| | |Toronto Life publishes an article reporting on the theft<ref name=":0" />. The article describes Josh Jones as an entrepreneur and early adopter of cryptocurrency, who fell victim to a historic crypto heist, losing $46 million worth of bitcoin and Bitcoin Cash. The heist was orchestrated by a reclusive teenage hacker from the Greater Toronto Area (GTA), known for his involvement in cybercrime, including SIM swapping and hacking high-profile accounts. Despite efforts by law enforcement, only a fraction of the stolen funds have been recovered, leaving Jones in a precarious position. Meanwhile, the accused hacker faces charges and legal proceedings, highlighting the challenges of prosecuting crypto crimes<ref name=":0" />. | ||
|} | |} | ||
== Technical Details == | |||
"According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests." | |||
"According to police, in February of 2020, the suspect—whose name is not being released—hijacked the victim’s phone by manipulating cellular network employees and intercepting two-factor authorization requests. This gave the suspect access to cryptocurrency stored on a wallet in the victim’s phone." The "17-year-old Hamilton boy" "is accused of orchestrating a SIM swap attack to steal $46M in cryptocurrency from a person in the United States." | |||
The heist was orchestrated by a reclusive teenage hacker from the Greater Toronto Area (GTA), known for his involvement in cybercrime, including SIM swapping and hacking high-profile accounts<ref name=":0" />. The hacker had a tumultuous upbringing marked by financial struggles and family turmoil<ref name=":0" />. He found solace and a sense of empowerment in the online world, where he honed his skills in cybercrime, eventually becoming involved in SIM swapping and hacking activities<ref name=":0" />.<blockquote>Rodney was eventually diagnosed with ADHD. Apart from a handful of childhood acquaintances, he had few friends—at least in real life. He spent much of his time online, often immersed in video games. In the digital realm, he wasn’t bound by the circumstances of reality: his parents weren’t fighting, his mom wasn’t ill, he didn’t feel alone. On Facebook, he met another young gamer, whom I’ll call James, through a community of people who modified PlayStation 3 consoles. They bonded over their favourite games, including ''Fortnite''. Rodney occasionally bought rare “skins,” graphics that changed the appearance of his characters, and resold them for as much as $900.</blockquote> | |||
== Total Amount Lost == | == Total Amount Lost == | ||
The total amount lost has been estimated at $46,000,000 USD. | The total amount lost has been estimated at $46,000,000 USD. | ||
== Immediate Reactions == | == Immediate Reactions == | ||
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed? | ||
=== Original Post On Reddit === | |||
"Rumours about the theft had been circulating online since early 2020 after someone — suspected but not confirmed to be Jones — posted about it on Reddit. That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone." | |||
=== Report Of Theft To Los Angeles FBI === | |||
"Jones first reported the theft to the Los Angeles FBI, who then brought in other U.S. and Canadian agencies as the investigation grew." "The Santa Clara County District Attorney’s Office, in the San Francisco Bay Area, confirmed it became involved after its specialized tech-crime team received tips after news of the theft spread in cryptocurrency circles." | |||
"Hamilton Police began the investigation in March of 2020 and worked with the Federal Bureau of Investigations and the United States Secret Service Electronic Crimes Task Force." | |||
== Ultimate Outcome == | == Ultimate Outcome == | ||
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done? | What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done? | ||
=== Online Username Purchase === | |||
“The joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community,.” | |||
“This transaction led investigators to uncover the account holder of the rare username.” | |||
"The suspect was tracked down and arrested for theft over $5,000.00 and possession of property or proceeds of property obtained by crime. This matter is before the courts." | |||
"Hamilton police announced the arrest on Wednesday after a joint investigation with the Federal Bureau of Investigations (FBI) and the United States Secret Service Electronic Crimes Task Force that began in March 2020." | |||
“This is currently the biggest cryptocurrency theft reported from one person,” Hamilton Police said in the press release. | |||
== Total Amount Recovered == | == Total Amount Recovered == | ||
Despite efforts by law enforcement, only a fraction of the stolen funds have been recovered worth around $7m as of November 2021<ref name=":0" />. | |||
== Ongoing Developments == | == Ongoing Developments == | ||
What parts of this case are still remaining to be concluded? | What parts of this case are still remaining to be concluded? | ||
== Prevention Policies == | |||
The accused hacker faces charges and legal proceedings, highlighting the challenges of prosecuting crypto crimes<ref name=":0" />. | |||
"Jones has never commented on the theft, including in recent interviews he’s given about his work and investments. He could not be reached for comment." | |||
"Police are most likely trying to recover the missing funds, monitoring suspicious accounts in case they are used again. If [the hacker] has access to them, he’s sitting on a fortune that he can’t readily spend"<ref name=":0" /> | |||
== General Prevention Policies == | |||
Cell phone providers are not generally very secure, and can often be used to get back into email or reset passwords. It's not really two-factor if the single factor (your phone number) can be used to recover or bypass all the other factors. You need to use a device which is physically different for the second factor. It's a good idea to have as many factors as a platform will let you, and platforms should allow for more than just two factors. | Cell phone providers are not generally very secure, and can often be used to get back into email or reset passwords. It's not really two-factor if the single factor (your phone number) can be used to recover or bypass all the other factors. You need to use a device which is physically different for the second factor. It's a good idea to have as many factors as a platform will let you, and platforms should allow for more than just two factors. | ||
== Individual Prevention Policies == | |||
{{Prevention:Individuals:Placeholder}} | |||
{{Prevention:Individuals:End}} | |||
== Platform Prevention Policies == | |||
{{Prevention:Platforms:Placeholder}} | |||
{{Prevention:Platforms:End}} | |||
== Regulatory Prevention Policies == | |||
{{Prevention:Regulators:Placeholder}} | |||
{{Prevention:Regulators:End}} | |||
== References == | == References == | ||
<references><ref name="cp24-4655">[https://www.cp24.com/news/hamilton-teen-accused-of-stealing-46m-worth-of-cryptocurrency-buying-rare-online-gaming-name-1.5669961 Ontario teen allegedly stole $46 million in cryptocurrency from one person in the U.S.: police | CP24.com] (Dec | <references><ref name="cp24-4655">[https://www.cp24.com/news/hamilton-teen-accused-of-stealing-46m-worth-of-cryptocurrency-buying-rare-online-gaming-name-1.5669961 Ontario teen allegedly stole $46 million in cryptocurrency from one person in the U.S.: police | CP24.com] (Dec 4, 2021)</ref> | ||
<ref name="winnipegcitynews-4656">[https://winnipeg.citynews.ca/2021/11/17/hamilton-police-arrest-teen-cryptocurrency/ CityNews] (Dec | <ref name="winnipegcitynews-4656">[https://winnipeg.citynews.ca/2021/11/17/hamilton-police-arrest-teen-cryptocurrency/ CityNews] (Dec 21, 2021)</ref> | ||
<ref name="torontosun-4657">[https://torontosun.com/news/local-news/hamilton-teen-busted-in-biggest-ever-46m-cryptocurrency-heist Hamilton teen busted in 'biggest ever' $46M cryptocurrency heist | Toronto Sun] (Dec | <ref name="torontosun-4657">[https://torontosun.com/news/local-news/hamilton-teen-busted-in-biggest-ever-46m-cryptocurrency-heist Hamilton teen busted in 'biggest ever' $46M cryptocurrency heist | Toronto Sun] (Dec 22, 2021)</ref> | ||
<ref name="thespec-4658">[https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html] (Dec | <ref name="thespec-4658">[https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html] (Dec 22, 2021)</ref> | ||
<ref name="dailymail-4659">[https://www.dailymail.co.uk/news/article-10216829/Canada-teen-stole-46million-cryptocurrency-single-person-America.html Canada teen 'stole $46million in cryptocurrency from a single person in America' | Daily Mail Online] (Dec | <ref name="dailymail-4659">[https://www.dailymail.co.uk/news/article-10216829/Canada-teen-stole-46million-cryptocurrency-single-person-America.html Canada teen 'stole $46million in cryptocurrency from a single person in America' | Daily Mail Online] (Dec 22, 2021)</ref> | ||
<ref name="radiocanada-4660">[https://ici.radio-canada.ca/rci/en/news/1840811/hamilton-youth-charged-after-46m-in-cryptocurrency-stolen-from-u-s-resident-was-used-to-get-gaming-username Hamilton youth charged after $46M in cryptocurrency stolen from U.S. resident was used to get gaming username | Radio-Canada.ca] (Dec | <ref name="radiocanada-4660">[https://ici.radio-canada.ca/rci/en/news/1840811/hamilton-youth-charged-after-46m-in-cryptocurrency-stolen-from-u-s-resident-was-used-to-get-gaming-username Hamilton youth charged after $46M in cryptocurrency stolen from U.S. resident was used to get gaming username | Radio-Canada.ca] (Dec 22, 2021)</ref> | ||
<ref name="fullycrypto-4661">[https://fullycrypto.com/crypto-sim-swap-victim-joshua-jones-lost-%E2%82%BF43768-in-mt-gox-hack Crypto Sim Swap Victim Joshua Jones Lost ₿43,768 in Mt. Gox Hack] (Dec | <ref name="fullycrypto-4661">[https://fullycrypto.com/crypto-sim-swap-victim-joshua-jones-lost-%E2%82%BF43768-in-mt-gox-hack Crypto Sim Swap Victim Joshua Jones Lost ₿43,768 in Mt. Gox Hack] (Dec 22, 2021)</ref> | ||
<ref name="reddit-4662">[https://www.reddit.com/r/mtgoxinsolvency/comments/f828oz/founder_of_bitcoin_builder_josh_jones_and_one_of/ Founder of Bitcoin Builder, Josh Jones, and one of mtgox's largest creditors just lost $37 million in a sim hack. : mtgoxinsolvency] (Dec | <ref name="reddit-4662">[https://www.reddit.com/r/mtgoxinsolvency/comments/f828oz/founder_of_bitcoin_builder_josh_jones_and_one_of/ Founder of Bitcoin Builder, Josh Jones, and one of mtgox's largest creditors just lost $37 million in a sim hack. : mtgoxinsolvency] (Dec 22, 2021)</ref> | ||
<ref name="reveddit-4663">[https://www.reveddit.com/v/btc/comments/f7lbae/30m_bch_sim_hack/?ps_after=1582350881 reveddit] (Dec | <ref name="reveddit-4663">[https://www.reveddit.com/v/btc/comments/f7lbae/30m_bch_sim_hack/?ps_after=1582350881 reveddit] (Dec 22, 2021)</ref> | ||
<ref name="thecanadiannews-4664">[https://thecanadian.news/2021/11/23/a-17-year-old-from-hamilton-charged-with-cryptocurrency-theft-of-46-million-allegedly-stolen-from-bitcoin-pioneer/ A 17-Year-Old From Hamilton Charged With Cryptocurrency Theft Of $ 46 Million Allegedly Stolen From Bitcoin Pioneer - The Canadian] (Dec | <ref name="thecanadiannews-4664">[https://thecanadian.news/2021/11/23/a-17-year-old-from-hamilton-charged-with-cryptocurrency-theft-of-46-million-allegedly-stolen-from-bitcoin-pioneer/ A 17-Year-Old From Hamilton Charged With Cryptocurrency Theft Of $ 46 Million Allegedly Stolen From Bitcoin Pioneer - The Canadian] (Dec 22, 2021)</ref> | ||
<ref name="newsghana-4665">[https://newsghana.com.gh/canadian-teen-arrested-for-us36-million-bitcoin-theft/ Canadian teen arrested for US$36 million Bitcoin theft | News Ghana] (Dec | <ref name="newsghana-4665">[https://newsghana.com.gh/canadian-teen-arrested-for-us36-million-bitcoin-theft/ Canadian teen arrested for US$36 million Bitcoin theft | News Ghana] (Dec 22, 2021)</ref> | ||
<ref name="cryptonomist-4666">[https://en.cryptonomist.ch/2020/10/07/josh-jones-bitcoin-house-ceo-playboy/ Josh Jones, the billionaire in Bitcoin buys the house of the CEO of Playboy] (Dec | <ref name="cryptonomist-4666">[https://en.cryptonomist.ch/2020/10/07/josh-jones-bitcoin-house-ceo-playboy/ Josh Jones, the billionaire in Bitcoin buys the house of the CEO of Playboy] (Dec 22, 2021)</ref> | ||
<ref name="jackofalltechs-7852">[https://jackofalltechs.com/2021/11/21/canada-detains-teen-for-alleged-36-million-cryptocurrency-theft/ Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft - JackOfAllTechs.com] (May 31, 2022)</ref></references> | <ref name="jackofalltechs-7852">[https://jackofalltechs.com/2021/11/21/canada-detains-teen-for-alleged-36-million-cryptocurrency-theft/ Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft - JackOfAllTechs.com] (May 31, 2022)</ref></references> | ||
Latest revision as of 16:10, 3 April 2024
Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered.
This exchange or platform is based in United States, or the incident targeted people primarily in United States.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16]
About Josh Jones
"According to various interviews and profiles, in 1996 [Josh] Jones co-founded DreamHost, a successful web hosting provider, with three fellow undergraduate classmates at Harvey Mudd College, a private college in California. In 2013, he sold his shares in that company, but has been involved in numerous other ventures."
"In 2010 he became one of the earliest investors in Bitcoin and has since amassed a fortune in the cryptocurrency. Other projects include starting an e-publishing business for children’s books, a California-based accelerator and an investment firm. The Bitcoin theft does not appear to have slowed his acquisitions — he recently bought an airline and has a production company that bought the animation rights to the long-running comic Groo the Wanderer."
"In a recent interview on the podcast LA Venture he’s dubbed the “richest, goofiest, most confident yet normal-seeming person.”"
"In the 31-minute episode he explains his “irrational self-confidence” that has led him to invest in companies or ideas that others view as too risky. He almost always believes he’s right, despite naysayers."
“Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,” he says, recalling back to 2010 when he started mining Bitcoin."
Josh Jones was an entrepreneur and early adopter of cryptocurrency[17]. Jones amassed a significant fortune through ventures like DreamHost and Bitcoin Builder[17].
. The heist was orchestrated by a reclusive teenage hacker from the Greater Toronto Area (GTA), known for his involvement in cybercrime, including SIM swapping and hacking high-profile accounts. Despite efforts by law enforcement, only a fraction of the stolen funds have been recovered, leaving Jones in a precarious position. Meanwhile, the accused hacker faces charges and legal proceedings, highlighting the challenges of prosecuting crypto crimes.
The Reality
His openness about his wealth and involvement in the crypto community made him a target for hackers[17].
Sim swapping is a common vulnerability for cryptocurrency holders.
"The person carrying out the attack initially gathers as much personal data available to them online to build a picture of their target. With the information to hand, the hacker then tricks the target's mobile phone provider into switching their number over to a SIM car controlled by the attacker."
Police explained in a press release that a swap attack is a “method hijacking valuable accounts by manipulating cellular network employees to duplicate phone numbers so threat actors can intercept two-factor authorization requests.”
"Det. Const. Kenneth Kirkpatrick told CTV News Toronto that two-factor authentication is key in protecting your investments and funds." "He added that using different passwords for different websites and applications was also crucial."
What Happened
Josh Jones fell victim to a historic crypto heist, losing $46 million worth of bitcoin and Bitcoin Cash when he was targeted in the SIM swap attack in February 2020
| Date | Event | Description |
|---|---|---|
| August 24th, 2019 | Adam Dahlberg Breach Involvement | "chat logs show that, on August 24, 2019, the squad enlisted him to help them hack their next “targ,” as they called their victims: Adam Dahlberg, an American YouTuber and video game streamer better known as Sky Does Minecraft. The Squad would handle his telco while [the hacker]’s job was to get a blank SIM card, put it in a phone and, once they’d gained control of Dahlberg’s number, share the codes that appeared on his screen so they could reset his passwords." |
| February 21st, 2020 | Crypto Heist | In the evening of February 21st, 2020, Josh Jones reportedly fell victim to the SIM swap attack and had $46m worth of bitcoin and bitcoin cash stolen[17]. |
| May 14th, 2020 | Tectical Team Break-In | "At dawn on May 14, 2020, a tactical team from the Hamilton Police Service banged on [the hacker]’s door, stating that they had a search warrant. There was no time for [the hacker or his roommate] to answer—police rammed the door in, sending shattered glass across the apartment floor. Then came a stun grenade, loud and blinding. They ordered [his roommate] to lie face down with his hands behind his back. Then they sent in dogs and apprehended [the hacker]. The officers confiscated their electronics and took the young men away." |
| June 22nd, 2022 9:14:56 AM MDT | Toronto Life Article | Toronto Life publishes an article reporting on the theft[17]. The article describes Josh Jones as an entrepreneur and early adopter of cryptocurrency, who fell victim to a historic crypto heist, losing $46 million worth of bitcoin and Bitcoin Cash. The heist was orchestrated by a reclusive teenage hacker from the Greater Toronto Area (GTA), known for his involvement in cybercrime, including SIM swapping and hacking high-profile accounts. Despite efforts by law enforcement, only a fraction of the stolen funds have been recovered, leaving Jones in a precarious position. Meanwhile, the accused hacker faces charges and legal proceedings, highlighting the challenges of prosecuting crypto crimes[17]. |
Technical Details
"According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests."
"According to police, in February of 2020, the suspect—whose name is not being released—hijacked the victim’s phone by manipulating cellular network employees and intercepting two-factor authorization requests. This gave the suspect access to cryptocurrency stored on a wallet in the victim’s phone." The "17-year-old Hamilton boy" "is accused of orchestrating a SIM swap attack to steal $46M in cryptocurrency from a person in the United States."
The heist was orchestrated by a reclusive teenage hacker from the Greater Toronto Area (GTA), known for his involvement in cybercrime, including SIM swapping and hacking high-profile accounts[17]. The hacker had a tumultuous upbringing marked by financial struggles and family turmoil[17]. He found solace and a sense of empowerment in the online world, where he honed his skills in cybercrime, eventually becoming involved in SIM swapping and hacking activities[17].
Rodney was eventually diagnosed with ADHD. Apart from a handful of childhood acquaintances, he had few friends—at least in real life. He spent much of his time online, often immersed in video games. In the digital realm, he wasn’t bound by the circumstances of reality: his parents weren’t fighting, his mom wasn’t ill, he didn’t feel alone. On Facebook, he met another young gamer, whom I’ll call James, through a community of people who modified PlayStation 3 consoles. They bonded over their favourite games, including Fortnite. Rodney occasionally bought rare “skins,” graphics that changed the appearance of his characters, and resold them for as much as $900.
Total Amount Lost
The total amount lost has been estimated at $46,000,000 USD.
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Original Post On Reddit
"Rumours about the theft had been circulating online since early 2020 after someone — suspected but not confirmed to be Jones — posted about it on Reddit. That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone."
Report Of Theft To Los Angeles FBI
"Jones first reported the theft to the Los Angeles FBI, who then brought in other U.S. and Canadian agencies as the investigation grew." "The Santa Clara County District Attorney’s Office, in the San Francisco Bay Area, confirmed it became involved after its specialized tech-crime team received tips after news of the theft spread in cryptocurrency circles."
"Hamilton Police began the investigation in March of 2020 and worked with the Federal Bureau of Investigations and the United States Secret Service Electronic Crimes Task Force."
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Online Username Purchase
“The joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community,.”
“This transaction led investigators to uncover the account holder of the rare username.”
"The suspect was tracked down and arrested for theft over $5,000.00 and possession of property or proceeds of property obtained by crime. This matter is before the courts."
"Hamilton police announced the arrest on Wednesday after a joint investigation with the Federal Bureau of Investigations (FBI) and the United States Secret Service Electronic Crimes Task Force that began in March 2020."
“This is currently the biggest cryptocurrency theft reported from one person,” Hamilton Police said in the press release.
Total Amount Recovered
Despite efforts by law enforcement, only a fraction of the stolen funds have been recovered worth around $7m as of November 2021[17].
Ongoing Developments
What parts of this case are still remaining to be concluded?
The accused hacker faces charges and legal proceedings, highlighting the challenges of prosecuting crypto crimes[17].
"Jones has never commented on the theft, including in recent interviews he’s given about his work and investments. He could not be reached for comment."
"Police are most likely trying to recover the missing funds, monitoring suspicious accounts in case they are used again. If [the hacker] has access to them, he’s sitting on a fortune that he can’t readily spend"[17]
General Prevention Policies
Cell phone providers are not generally very secure, and can often be used to get back into email or reset passwords. It's not really two-factor if the single factor (your phone number) can be used to recover or bypass all the other factors. You need to use a device which is physically different for the second factor. It's a good idea to have as many factors as a platform will let you, and platforms should allow for more than just two factors.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ Ontario teen allegedly stole $46 million in cryptocurrency from one person in the U.S.: police | CP24.com (Dec 4, 2021)
- ↑ CityNews (Dec 21, 2021)
- ↑ Hamilton teen busted in 'biggest ever' $46M cryptocurrency heist | Toronto Sun (Dec 22, 2021)
- ↑ https://www.thespec.com/news/crime/2021/11/23/hamilton-cryptocurrency-bitcoin-theft.html (Dec 22, 2021)
- ↑ Canada teen 'stole $46million in cryptocurrency from a single person in America' | Daily Mail Online (Dec 22, 2021)
- ↑ Hamilton youth charged after $46M in cryptocurrency stolen from U.S. resident was used to get gaming username | Radio-Canada.ca (Dec 22, 2021)
- ↑ Crypto Sim Swap Victim Joshua Jones Lost ₿43,768 in Mt. Gox Hack (Dec 22, 2021)
- ↑ Founder of Bitcoin Builder, Josh Jones, and one of mtgox's largest creditors just lost $37 million in a sim hack. : mtgoxinsolvency (Dec 22, 2021)
- ↑ reveddit (Dec 22, 2021)
- ↑ A 17-Year-Old From Hamilton Charged With Cryptocurrency Theft Of $ 46 Million Allegedly Stolen From Bitcoin Pioneer - The Canadian (Dec 22, 2021)
- ↑ Canadian teen arrested for US$36 million Bitcoin theft | News Ghana (Dec 22, 2021)
- ↑ Josh Jones, the billionaire in Bitcoin buys the house of the CEO of Playboy (Dec 22, 2021)
- ↑ Canada Detains Teen for Alleged $36 Million Cryptocurrency Theft - JackOfAllTechs.com (May 31, 2022)
- ↑ https://twitter.com/doveywan/status/1231073856669933569
- ↑ https://www.thestar.com/ths/news/crime/2022/06/24/hamilton-bitcoin-theft.html
- ↑ https://newsletter.blockthreat.io/p/blockthreat-week-25-2022 (Accessed Mar 23, 2023)
- ↑ 17.00 17.01 17.02 17.03 17.04 17.05 17.06 17.07 17.08 17.09 17.10 17.11 THE CASE OF THE MISSING $46 MILLION - Toronto Life (Accessed Apr 3, 2024)