Unknown Platform Cyber-Squatting

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 21:10, 24 January 2023 by Azoundria. Imported case study; source: https://www.quadrigainitiative.com/casestudy/unknownplatformcybersquatting.php

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Users of an unnamed popular cryptocurrency exchange platform found themselves tricked into providing their assets to cybercriminals. The criminals set up sites which looked identical to the exchange, and were able to gain login and authentication details, ultimately making off with $27.2m USD of cryptocurrencies. The criminals were later brought to justice.

This is a global/international case not involving a specific country.

About Unknown

"[T]he criminal endeavor involved a "typosquatting" scam in which a "well-known" (but unnamed) online crypto exchange was cloned in order to gain access to victims’ crypto wallet login details and steal funds." "The investigation relates to typosquatting, where a well-known online cryptocurrency exchange was ‘spoofed’ – or recreated to imitate the genuine site - to gain access to victims’ Bitcoin wallets, stealing their funds and login details."

"Typosquatting sees scammers create webpages that fool you into believing they are legitimate by having almost legitimate URLs. If a user is careless or in a hurry it’s all too easy to not notice that you are on a site called example.om rather than example.com, for instance." "The typosquatting fraudsters produced a site that imitated a genuine site to gain entry to their crypto-casualties' Bitcoin wallets to free them of those lovely funds and their login details." "Europol states that the six arrested created a nearly identical website and URL address which imitated a prominent cryptocurrency exchange."

"[The] fake exchange website has managed to steal €24 million (over $27 million) in cryptocurrency from thousands of victims." "[T]he scam is thought to have led to at least 4,000 victims in 12 countries losing bitcoin to the scam, though Europol says the number of known victims are still growing."

"The police investigation began in April 2018, after an individual in Wiltshire contacted UK police to report that they had lost £17,000 worth of Bitcoin. Law enforcement agencies estimate that there are more than four thousand victims in at least 12 countries, amounting to a haul of over €24 million."

“The investigation has grown from a single report of £17k worth of bitcoin stolen from a Wiltshire-based victim to a current estimate of more than four thousand victims in at least 12 countries. We expect that number to grow. As part of today’s operation, we’ve seized a large number of devices, equipment and valuable assets with huge support from our colleagues in Avon and Somerset Police, Wiltshire Police, Tarian and the South East ROCU. Devon and Cornwall and the Metropolitan Police also provided vital help in the form of their two cyber dogs, who played key roles in searching suspects’ homes.”

"This case was referred to the European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol after the British authorities identified possible suspects living in the Netherlands. Operational support delivered by EC3 since February 2018 allowed the J-CAT to coordinate the international cooperation between the different EU Member States involved."

"Europol said in a press release Wednesday that six individuals have now been arrested over the scam in an operation that also involved the UK’s South West Regional Cyber Crime Unit and National Crime Agency, along with Dutch police and Eurojust." "A larger number of electronic devices and equipment were seized at the homes of those arrested, and will now be examined by the UK’s South West Regional Cyber Crime Unit (SW RCCU)."

"Five men and one woman were simultaneously arrested yesterday at their homes in several U.K. locations, as well as Amsterdam and Rotterdam in the Netherlands." "The five men and one woman were arrested in simultaneous warrants this morning at their homes in Charlcombe, Lower Weston and Staverton (UK) and Amsterdam and Rotterdam (the Netherlands)."

"Those apprehended in the UK were arrested on suspicion of committing computer misuse and money laundering offences, while their Dutch counterparts – including a 19-year-old woman in Amsterdam – have been arrested on suspicion of money laundering."

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Unknown Platform Cyber-Squatting

Date | Event | Description
June 25th, 2019 12:00:00 AM | First Event | This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

It is unknown how much was recovered.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Prevention Policies

It's unclear which platform was involved; however, that platform could require an email confirmation when users request access from a new IP address, and grant access only if the confirmation link is clicked from the same IP address that requested access. Keys can be held in a shared multi-sig arrangement between the exchange and the end user to further prevent unauthorized transfers.
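
The new-IP confirmation policy described above, sketched as an added example (not code from the original case study or from any exchange). The class name, the 10-minute link lifetime and the sample addresses are assumptions made for illustration.

```python
import secrets
import time

TOKEN_TTL = 600  # seconds an emailed link stays valid (assumed value)

class NewIpLoginGate:
    """Hypothetical gate: a login from an unknown IP needs an emailed link
    that is opened from that same IP before access is granted."""

    def __init__(self, now=time.time):
        self.known_ips = {}   # user -> set of IPs already confirmed
        self.pending = {}     # token -> (user, requesting IP, expiry time)
        self.now = now

    def request_login(self, user, ip):
        """Run after the password check. Returns (status, emailed_token)."""
        if ip in self.known_ips.get(user, set()):
            return "granted", None
        token = secrets.token_urlsafe(32)  # unguessable, stored server-side
        self.pending[token] = (user, ip, self.now() + TOKEN_TTL)
        return "confirm", token

    def confirm(self, token, clicking_ip):
        """Run when the emailed link is opened. True only if the click
        arrives in time and from the IP that requested access."""
        entry = self.pending.pop(token, None)  # single use, even on failure
        if entry is None:
            return False
        user, requesting_ip, expiry = entry
        if self.now() > expiry or clicking_ip != requesting_ip:
            return False
        self.known_ips.setdefault(user, set()).add(requesting_ip)
        return True

def demo():
    gate = NewIpLoginGate()
    # Constructed sample addresses from the documentation ranges.
    victim_ip, other_ip = "198.51.100.7", "203.0.113.50"
    # Credentials captured by a cloned site are replayed from other_ip; the
    # account owner opens the emailed link from their own address.
    _, token = gate.request_login("alice", other_ip)
    replay_confirmed = gate.confirm(token, victim_ip)
    # The account owner logs in from a new address and clicks from it.
    _, token = gate.request_login("alice", victim_ip)
    owner_confirmed = gate.confirm(token, victim_ip)
    return (replay_confirmed, owner_confirmed,
            gate.request_login("alice", victim_ip)[0],
            gate.request_login("alice", other_ip)[0])

if __name__ == "__main__":
    print(demo())
```

Users whose address changes between the request and the click (mobile networks, VPNs) fail the check and have to request a new link.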

References

Six Arrested Over Cloned Crypto Exchange That Stole €24 Million - CoinDesk (Dec 11)

6 arrested in the UK and Netherlands in €24 million cryptocurrency theft | Europol (Dec 26)

It could be Rotterdam or anywhere, Wiltshire or in Bath: Euro cops cuff 6 for cybersquatting, allegedly nicking €24m in Bitcoin • The Register (Dec 26)

Cryptocurrency Arrests Sees UK and Europol Haul in Six For The Theft of £21 Million (Dec 26)

After €24 million stolen by typosquatting a cryptocurrency exchange, six people arrested (Dec 26)

Europol Detains Six People For Plundering $27.2 Million Worth Of Cryptocurrency In The UK And Netherlands (Dec 26)