Chinese Cryptocurrency Heist
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Cryptocurrency worth roughly $87m (600 million yuan) is reported to have been stolen from Chinese investors and companies, including about $14.5m from a single investor surnamed Zhang. According to police, the thefts were carried out by compromising the victims' computers and installing malware that replaced the recipient address on outgoing payments with an address controlled by the attackers.
This exchange or platform is based in China, or the incident targeted people primarily in China.
About
"In March [2018], Zhang had registered a complaint with the police department in Xi’an, the capital of the Shaanxi province in central China. The Chinese resident claimed that digital currency worth about $14.5 million had been stolen from his crypto account after his computer was hacked."
"In total, digital currencies valued at around $87 million (or 600 million Chinese yuan) have been reported to be stolen from crypto accounts belonging to private local corporations and individuals."
"The Chinese police officers began investigating the cryptocurrency heist in March 2018. It began when a man from the city filed a complaint regarding his stolen cryptocurrency tokens. The man noted that 100 million yuan in Bitcoin and Ethereum was stolen from him."
"The Jakarta Post reported that the transfer of the stolen cryptocurrencies provided the Shaanxi police with a digital trail. It was, however, an extremely difficult task. The Chinese police had to analyze over 30,000 pieces of information and work with domestic internet companies before they could find the trail but once they found the trail, it led them to someone called Zhou who was located in the Central Province of Hunan."
"According to police reports, local authorities have now managed to identify a suspect, with the last name Zhou, who may have hacked into Zhang’s computer and stolen his crypto assets. Police investigators noted that Zhou’s online activities were tracked with the help of several unnamed local internet companies."
"Notably, the investigation also led to the arrest of two other Chinese hackers who are suspected of stealing millions of dollars worth of cryptocurrency by breaking into the personal computers of various other local residents."
"These hackers were found to have been using malware programs to alter the intended recipient’s crypto address to one belonging to them. This malicious activity has reportedly led to huge amounts of digital currency being stolen, as the payments are sent to the cybercriminals’ accounts, instead of the intended recipients."
"A task force was set up and a preliminary investigation revealed that hackers had used remote hijacking techniques to gain access and control of cryptocurrency accounts belonging to the victim – only identified as Zhang – with nearly no footprints of the crime."
"The investigation progressed and three months later, the task force was able to spot a suspect, named Zhou, with the help of ‘well-known’ internet companies in China. Authorities kept their distance and began tracking Zhou’s activities for a further two months. Before long, police identified two other accomplices by snooping in on Zhou’s communication."
"The investigators enlisted the help of internet companies and police across the country. After three months of work, a suspect ("Zhou") was identified. Zhou was observed for two months, and two accomplices ("Cui" and "Zhang") were identified."
"The three suspects from China’s capital Beijing and its Changchun and Hunan provinces were taken into police custody on August 15th, after a 30-day investigation by local authorities. These arrests have reportedly been linked to a complaint filed by a Chinese citizen with the surname Zhang."
"The three were arrested in a coordinated operation on August 15 in Hunan, Changchun, and Beijing. All suspects turned out to be experienced hackers, and their haul estimated at 600 million yuan."
"Chinese authorities believe that the three identified suspects might be responsible for the theft."
"The South China Morning Post reported that the three suspects were very experienced with hacking technology and that they were interested since they were 12 and 13. Furthermore, the three hackers also had extensive corporate experience and worked for large internet companies."
"The hackers apparently separated the money from the cryptocurrency heist. They broke the total amount into smaller components and underwent many transactions to cover their tracks."
An officer in Shaanxi commented: “Unfortunately, our bureau has not dealt with this kind of case before. It’s the first virtual currency-related case in Shaanxi.”
"Although police investigations are still ongoing, the large amount of cryptocurrency allegedly stolen raises serious concerns, as there are now numerous cases of cybercriminals targeting digital currency investors."
What Happened
The timeline below is assembled from the quoted press reports; the sources disagree on the length of the investigation (one gives "30 days", the others roughly five months), so the intermediate dates are approximate.
| Date | Event | Description |
|---|---|---|
| March 2018 | Complaint filed | Zhang files a complaint with the Xi’an police (Shaanxi) reporting that cryptocurrency worth about $14.5 million (given by one source as 100 million yuan in Bitcoin and Ethereum) was stolen after his computer was hacked. A task force is set up; its preliminary finding is that the attackers used remote hijacking to take control of Zhang's cryptocurrency accounts, leaving almost no trace. |
| March to roughly June 2018 | Suspect identified | Following the on-chain trail of the stolen funds, which had been split into smaller amounts across many transactions, investigators analyse more than 30,000 pieces of information and, with help from domestic internet companies, identify a suspect surnamed Zhou in Hunan. |
| Roughly June to August 2018 | Surveillance | Zhou is watched for about two months; two accomplices, surnamed Cui and Zhang, are identified from his communications. |
| August 15, 2018 | Arrests | The three suspects are arrested in a coordinated operation in Hunan, Changchun and Beijing. Police describe them as experienced hackers and estimate their haul at 600 million yuan. |
Total Amount Lost
The sources report a total of around $87 million (600 million yuan) stolen from private companies and individuals, of which about $14.5 million was taken from the complainant Zhang. One report states Zhang's loss as 100 million yuan in Bitcoin and Ethereum, which is roughly consistent with $14.5 million at 2018 exchange rates. These figures are police estimates of the suspects' overall haul rather than an audited total, and no breakdown of the other victims' losses has been reported.
Immediate Reactions
Zhang reported the theft to the Xi’an police in March 2018. The Shaanxi police set up a task force, and an officer acknowledged that the bureau had not handled a virtual-currency case before. The sources do not mention any exchange or platform being shut down or making an announcement.
Ultimate Outcome
Police traced the movement of the stolen funds, which the suspects had split into smaller amounts across many transactions to obscure the trail. With the help of domestic internet companies and police elsewhere in China, investigators identified a suspect surnamed Zhou and, after two months of observation, two accomplices surnamed Cui and Zhang; all three were arrested on August 15, 2018 in Hunan, Changchun and Beijing. The sources describe the investigation as still ongoing at the time of reporting and record no prosecution outcome.
Total Amount Recovered
It is unknown how much was recovered.
The sources do not report whether any of the stolen funds were seized or returned to the victims.
Ongoing Developments
The sources describe the police investigation as ongoing. Whether the three suspects were charged or convicted, and whether any funds were recovered, is not reported.
Prevention Policies
The malware in this case replaced the recipient address on payments, so a transaction that looks normal to the sender was paying the attackers. Care therefore needs to be taken whenever signing a transaction to ensure that the full recipient address matches one obtained and verified out of band; comparing only the first and last few characters is not enough, and where a hardware wallet is used the address should be confirmed on the device's own display. It is best to use a separate computer or hardware wallet for transaction signing which is not used for any other activities and ideally kept offline.
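The recipient check described above, as an added example that is not code from the case study or from any party it describes. It assumes legacy Base58Check Bitcoin addresses (P2PKH "1…" and P2SH "3…"); Bech32 and Ethereum EIP-55 addresses need their own validators and are not handled. The sample addresses are constructed for the example except for GENESIS, the well-known Bitcoin genesis-block coinbase address, used only because it is certain to be valid. The example goes one step beyond the text: it also encodes an attacker-controlled address that passes the checksum, to show why format validation alone does not catch an address swap.

```python
import hashlib

# Added illustration for the Prevention Policies section; not code from the
# case study or from any party it describes. Scope assumption: legacy
# Base58Check Bitcoin addresses (P2PKH "1..." and P2SH "3..."). Bech32 and
# Ethereum EIP-55 addresses would need their own validators.

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58check_encode(payload: bytes) -> str:
    """Base58Check-encode a payload (version byte + 20-byte hash)."""
    checksum = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    raw = payload + checksum
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = B58[rem] + digits
    # Each leading zero byte is represented by a leading '1'.
    leading_zeros = len(raw) - len(raw.lstrip(b"\x00"))
    return "1" * leading_zeros + digits


def b58decode(s: str) -> bytes:
    """Decode a Base58 string to bytes; raises ValueError on bad characters."""
    n = 0
    for ch in s:
        d = B58.find(ch)
        if d < 0:
            raise ValueError(f"invalid Base58 character {ch!r}")
        n = n * 58 + d
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    leading_ones = len(s) - len(s.lstrip("1"))
    return b"\x00" * leading_ones + body


def is_valid_base58check_address(addr: str) -> bool:
    """True if addr decodes to 21 payload bytes plus a correct 4-byte
    double-SHA256 checksum. This proves only that the string is
    well-formed, not that it belongs to the person you mean to pay."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, checksum = raw[:21], raw[21:]
    expected = hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]
    return expected == checksum


def check_recipient(verified: str, to_sign: str) -> str:
    """Compare the recipient verified out of band with the address actually
    present in the transaction about to be signed.
    Returns "ok", "malformed" or "mismatch". The comparison is over the
    full string on purpose: checking only the first and last few characters
    can be defeated by an attacker who generates a look-alike address."""
    if not is_valid_base58check_address(to_sign):
        return "malformed"
    if to_sign != verified:
        return "mismatch"
    return "ok"


# Constructed scenario (not data from the case). GENESIS is the Bitcoin
# genesis-block coinbase address, used only as a known-valid address.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
CORRUPTED = GENESIS[:-1] + "b"  # one character changed: checksum fails
# A perfectly valid address the attacker controls (constructed payload).
# Malware substituting it passes any checksum test; only the exact
# comparison against the verified recipient catches the swap.
ATTACKER = b58check_encode(b"\x00" + bytes(range(1, 21)))

if __name__ == "__main__":
    for label, pasted in [("genuine", GENESIS), ("corrupted", CORRUPTED), ("swapped", ATTACKER)]:
        print(f"{label:10s} {pasted:36s} -> {check_recipient(GENESIS, pasted)}")
```

Run stand-alone, the script reports "ok" for the genuine address, "malformed" for the one-character corruption and "mismatch" for the attacker's valid but foreign address. The last case is the one that matters for this incident: a swapped address is a well-formed address, so the defence is the exact comparison against a recipient verified through a channel the compromised machine cannot alter, not format checking.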
References
https://www.ccn.com/chinese-police-arrest-hackers-behind-87-million-cryptocurrency-theft/ (May 26)
Three Arrested in China Over $87 Million Cryptocurrency Hacking Theft | Finance Magnates (May 26)