Unknown Platform Cyber-Squatting

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Users of an unnamed popular cryptocurrency exchange platform found themselves tricked into providing their assets to cybercriminals. The criminals set up sites which looked identical to the exchange, and were able to gain login and authentication details, ultimately making off with $27.2m USD of cryptocurrencies. The criminals were later brought to justice.

This is a global/international case not involving a specific country.[1][2][3][4][5][6]

About Unknown

"[T]he criminal endeavor involved a "typosquatting" scam in which a "well-known" (but unnamed) online crypto exchange was cloned in order to gain access to victims’ crypto wallet login details and steal funds." "The investigation relates to typosquatting, where a well-known online cryptocurrency exchange was ‘spoofed’ – or recreated to imitate the genuine site – to gain access to victims’ Bitcoin wallets, stealing their funds and login details."

"Typosquatting sees scammers create webpages that fool you into believing they are legitimate by having almost legitimate URLs. If a user is careless or in a hurry it’s all too easy to not notice that you are on a site called example.om rather than example.com, for instance." "The typosquatting fraudsters produced a site that imitated a genuine site to gain entry to their crypto-casualties' Bitcoin wallets to free them of those lovely funds and their login details." "Europol states that the six arrested created a nearly identical website and URL address which imitated a prominent cryptocurrency exchange."
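The quoted passages describe the core trick: a hostname one character away from the genuine one. The following Python block is an added example, not code from the original case study or from any of the agencies quoted, showing how a platform's security team could screen hostnames harvested from phishing reports, referrer logs or certificate-transparency feeds against its own domain. The legitimate domain example.com, the constructed sample URLs, the edit-distance threshold of 2 and the small homoglyph table are all assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed legitimate exchange domain (placeholder; the real exchange is unnamed).
LEGIT_DOMAIN = "example.com"

# Characters commonly substituted for look-alikes in typosquats; heuristic, not exhaustive.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Edit distance at or below which a hostname is treated as a look-alike (assumption).
LOOKALIKE_THRESHOLD = 2


def levenshtein(a: str, b: str) -> int:
    """Classic Levenshtein edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize_host(url: str) -> str:
    """Extract the hostname, lower-case it and drop a leading 'www.' label."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def fold_homoglyphs(host: str) -> str:
    """Replace look-alike characters so 'examp1e.com' folds to 'example.com'."""
    for glyph, plain in HOMOGLYPHS.items():
        host = host.replace(glyph, plain)
    return host


def classify_url(url: str, legit: str = LEGIT_DOMAIN) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for the URL's hostname."""
    host = normalize_host(url)
    if host == legit or host.endswith("." + legit):
        return "legitimate"                      # the domain itself or a true subdomain
    if host.startswith(legit + "."):
        return "lookalike"                       # e.g. example.com.evil.net
    if fold_homoglyphs(host) == legit:
        return "lookalike"                       # homoglyph substitution
    if levenshtein(host, legit) <= LOOKALIKE_THRESHOLD:
        return "lookalike"                       # one or two typos away, e.g. example.om
    return "unrelated"


def triage(urls):
    """Group a batch of reported URLs by verdict; returns {verdict: [urls]}."""
    buckets = {"legitimate": [], "lookalike": [], "unrelated": []}
    for url in urls:
        buckets[classify_url(url)].append(url)
    return buckets


if __name__ == "__main__":
    # Constructed sample input standing in for URLs pulled from phishing reports.
    sample = [
        "https://www.example.com/login",
        "https://example.om/login",
        "https://examp1e.com/",
        "http://example.com.evil.net/signin",
        "https://totally-unrelated.org/",
    ]
    for verdict, hits in triage(sample).items():
        print(f"{verdict:11s} {hits}")
```

The verdicts are a starting point for a takedown or user-warning workflow rather than a final answer; a domain flagged as a look-alike still needs a human to confirm it is hostile before acting on it, and the threshold should be tuned against the length of the platform's own domain.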

"[The] fake exchange website has managed to steal €24 million (over $27 million) in cryptocurrency from thousands of victims." "[T]he scam is thought to have led to at least 4,000 victims in 12 countries losing bitcoin to the scam, though Europol says the number of known victims are still growing."

"The police investigation began in April 2018, after an individual in Wiltshire contacted UK police to report that they had lost £17,000 worth of Bitcoin. Law enforcement agencies estimate that there are more than four thousand victims in at least 12 countries, amounting to a haul of over €24 million."

“The investigation has grown from a single report of £17k worth of bitcoin stolen from a Wiltshire-based victim to a current estimate of more than four thousand victims in at least 12 countries. We expect that number to grow. As part of today’s operation, we’ve seized a large number of devices, equipment and valuable assets with huge support from our colleagues in Avon and Somerset Police, Wiltshire Police, Tarian and the South East ROCU. Devon and Cornwall and the Metropolitan Police also provided vital help in the form of their two cyber dogs, who played key roles in searching suspects’ homes.”

"This case was referred to the European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol after the British authorities identified possible suspects living in the Netherlands. Operational support delivered by EC3 since February 2018 allowed the J-CAT to coordinate the international cooperation between the different EU Member States involved."

"Europol said in a press release Wednesday that six individuals have now been arrested over the scam in an operation that also involved the UK’s South West Regional Cyber Crime Unit and National Crime Agency, along with Dutch police and Eurojust." "A larger number of electronic devices and equipment were seized at the homes of those arrested, and will now be examined by the UK’s South West Regional Cyber Crime Unit (SW RCCU)."

"Five men and one woman were simultaneously arrested yesterday at their homes in several U.K. locations, as well as Amsterdam and Rotterdam in the Netherlands." "The five men and one woman were arrested in simultaneous warrants this morning at their homes in Charlcombe, Lower Weston and Staverton (UK) and Amsterdam and Rotterdam (the Netherlands)."

"Those apprehended in the UK were arrested on suspicion of committing computer misuse and money laundering offences, while their Dutch counterparts – including a 19-year-old woman in Amsterdam – have been arrested on suspicion of money laundering."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Unknown Platform Cyber-Squatting

Date            | Event      | Description
June 25th, 2019 | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost has been estimated at $27,200,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

It is unclear which platform was involved; however, that platform could require an email confirmation whenever a user requests access from a new IP address, and grant access only if the confirmation link is clicked from the same IP address that made the request. Keys could be held in a shared multi-sig between the exchange and the end user to further prevent unauthorized transfers.
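The control described above (a new-IP login triggers an emailed link that only works from the requesting address) is simple enough to sketch. The Python block below is an added illustration, not code from the unnamed exchange or from the original page, of why that binding helps against a cloned login page: credentials relayed by the scammers from their own address trigger an email to the real user, and even if the user clicks it, the click arrives from the user's address rather than the scammers'. The class name, the 15-minute validity window, the single-use token policy and the documentation-range IP addresses are all assumptions for illustration.

```python
import secrets
import time
from typing import Callable, Dict, Optional, Set, Tuple


class NewIpConfirmation:
    """In-memory model of 'confirm new IP by email, bound to the requesting IP'.

    Assumed design: a confirmation token is single-use, expires after ttl_seconds,
    and only succeeds when the link is opened from the IP that requested access.
    A real deployment would persist state and send the token by email.
    """

    def __init__(self, ttl_seconds: int = 900, clock: Callable[[], float] = time.time):
        self._ttl = ttl_seconds
        self._clock = clock                       # injectable for deterministic tests
        self._pending: Dict[str, Tuple[str, str, float]] = {}  # token -> (user, ip, expiry)
        self._known_ips: Dict[str, Set[str]] = {}              # user -> trusted IPs

    def login_attempt(self, user: str, ip: str) -> Tuple[str, Optional[str]]:
        """Allow a known IP outright; otherwise mint a token to be emailed to the user."""
        if ip in self._known_ips.get(user, set()):
            return ("allow", None)
        token = secrets.token_urlsafe(32)         # 256 bits of entropy, unguessable
        self._pending[token] = (user, ip, self._clock() + self._ttl)
        return ("confirm_required", token)        # caller emails the link carrying this token

    def confirm(self, token: str, click_ip: str) -> str:
        """Validate a clicked link. The token is consumed on every outcome (single use)."""
        entry = self._pending.pop(token, None)
        if entry is None:
            return "invalid"                      # unknown, replayed or already-used token
        user, requested_ip, expiry = entry
        if self._clock() > expiry:
            return "expired"
        if click_ip != requested_ip:
            # The link was opened from somewhere other than the address that asked for
            # access; with a relayed login this is the victim clicking while the scammers
            # sit on a different IP, so no trust is granted to either party.
            return "ip_mismatch"
        self._known_ips.setdefault(user, set()).add(click_ip)
        return "confirmed"


def run_demo() -> str:
    """Walk through the relayed-credential scenario; returns the final verdict."""
    svc = NewIpConfirmation()
    victim_ip, relay_ip = "203.0.113.10", "198.51.100.7"   # constructed sample addresses
    # Scammers replay the victim's stolen password from their own address.
    status, token = svc.login_attempt("victim", relay_ip)
    assert status == "confirm_required"
    # The emailed link reaches the victim, who clicks it from their own address.
    verdict = svc.confirm(token, victim_ip)       # -> "ip_mismatch", relay_ip stays untrusted
    return verdict


if __name__ == "__main__":
    print("relayed login outcome:", run_demo())
```

The check is deliberately strict: a mismatch consumes the token rather than leaving it open for a retry, so the scammers would need to trigger a fresh email for every attempt, which is itself a signal the platform can alert on. Carrier-grade NAT and mobile networks do cause legitimate mismatches, so a production version would typically pair this with device cookies or a second factor rather than relying on IP equality alone.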

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References