News

Indian Nation Pleads Guilty in $37 Million Cryptocurrency Theft Scheme

Published

6 months ago

on

An Indian national has pleaded guilty in the United States to charges of stealing more than $37 million by creating a website impersonating cryptocurrency trading platform Coinbase.

Chirag Tomar, 30, pleaded guilty to conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested on December 20, 2023, as soon as he entered the country.

“Tomar and his co-conspirators engaged in a scheme to steal millions in cryptocurrency from hundreds of victims around the world and in the United States, including in the Western District of North Carolina,” the Department of Justice (DoJ) said. She said last week.

The website, created around June 2021, was called “CoinbasePro[.]com” in an attempt to masquerade as Coinbase Pro and trick unsuspecting users into thinking they were accessing the legitimate version of the virtual currency exchange.

It is worth noting that Coinbase interrupted the offering to Advanced Trade in June 2022. The phased migration of Coinbase Pro customers to Coinbase Advanced was completed on November 20, 2023.

Victims who entered credentials on the counterfeit site had their login information stolen by scammers and in some cases were tricked into granting remote desktop access which allowed the criminal perpetrators to access their Coinbase accounts legitimate.

“The scammers also impersonated Coinbase customer service representatives and tricked users into providing their two-factor authentication codes to the scammers over the phone,” the DoJ said.

“Once the scammers gained access to the victims’ Coinbase accounts, they quickly transferred the victims’ Coinbase cryptocurrency holdings to cryptocurrency wallets under the scammers’ control.”

In one case highlighted by prosecutors, an unnamed victim located in the Western District of North Carolina had more than $240,000 worth of cryptocurrency stolen this way after being tricked into calling a fake Coinbase representative under the guise of blocking the own trading account.

Tomar is believed to have been in possession of several cryptocurrency wallets that received stolen funds totaling tens of millions of dollars, which were later converted into other forms of cryptocurrency or moved to other wallets and ultimately cashed out to fund a style of sumptuous life.

This included expensive watches from brands such as Rolex, the purchase of luxury vehicles such as Lamborghini and Porsche, and several trips to Dubai and Thailand.

The development comes with the arrest of a Special Investigation Team (SIT) associated with the Criminal Investigation Department (CID) in the Indian state of Karnataka Srikrishna Ramesh (aka Sriki) and his alleged co-conspirator Robin Khandelwal for stealing 60.6 bitcoins from a cryptocurrency exchange company called Unocoin in 2017.

US takes action against North Korea’s freelance IT army

It also follows a new wave of arrests in the United States in connection with an essay multi-year regime designed to help North Korea-linked IT workers obtain remote jobs at more than 300 U.S. companies and advance the country’s weapons of mass destruction program in violation of international sanctions.

Among those arrested is Oleksandr Didenko, a 27-year-old Ukrainian citizen, accused of creating fake accounts on US IT job search platforms and selling them to foreign IT workers to get jobs.

He is also said to have operated a now dismantled service called UpWorkSell which advertised “the ability for remote IT workers to purchase or rent accounts in the names of identities other than their own on various online freelance IT job search platforms.”

According to the affidavit in support of the complaint, Didenko operated approximately 871 “proxy” identities, provided proxy accounts for three U.S. freelance IT rental platforms, and provided proxy accounts for three different U.S.-based money services transmitters.

Didenko’s accomplice, Christina Marie Chapman, 49, was also arrested for operating what is called a “laptop farm” by hosting multiple laptops at her residence to allow North Korean IT workers to give the impression they were in the U.S. and apply. for remote work positions in the country.

“The conspiracy […] resulted in the generation of at least $6.8 million in revenue for IT workers overseas,” Chapman’s indictment reads, adding that the workers found jobs at numerous blue-chip American companies and exfiltrated data from at least two of them, including a multinational restaurant chain and a classic American clothing brand.

Charges were also filed against Minh Phuong Vong of Maryland, a Vietnamese citizen and naturalized U.S. citizen, for conspiring with an unknown party to commit wire fraud by obtaining employment with U.S.-based companies when, in reality, remote IT workers based in China they posed as Vong to work on the government’s software development project.

There are indications that the second individual, referred to as “John Doe”, is North Korean and works as a software developer in Shenyang, China.

“Vong […] did not engage in software development activities,” the DoJ She said. “Instead, Vong worked at a nail salon in Bowie, Maryland, while one or more individuals residing in China used Vong’s login credentials to connect to a secure government website, perform software development work, and participate in regular online company meetings.”

At the same time, the DoJ said it took control of as many as 12 websites used by IT workers to secure remote work contracts by masquerading as US-based IT services companies offering artificial intelligence, blockchain and cloud computing solutions.

AS previously disclosed in court documents from late last year, these IT workers – part of the Workers’ Party of Korea’s Munitions Industry Department – ​​are known to be sent to countries such as China and Russia, from where they are hired as freelancers with l The ultimate goal is to generate income for the Hermit Kingdom.

“North Korea is evading US and UN sanctions by targeting private companies to illicitly generate substantial revenue for the regime,” the US Federal Bureau of Investigation (FBI) said. She said in a consultation.

“North Korean IT workers use a variety of techniques to obfuscate their identities, including exploiting US-based individuals, both knowing and unknowing, to gain fraudulent employment and access to US corporate networks to generate this revenue.”

A recent Reuters report revealed that North Korean threat actors have been linked to 97 suspected cyberattacks cryptocurrency company between 2017 and 2024, netting them $3.6 billion in illicit profits.

Adversaries are estimated to have laundered the $147.5 million stolen last year from the hack of cryptocurrency exchange HTX through the virtual currency platform Tornado Cash in March 2024.

Did you find this article interesting? Follow us on Twitter AND LinkedIn to read the most exclusive content we publish.


Fuente

Related Topics:

Leave a Reply

Your email address will not be published. Required fields are marked *

Información básica sobre protección de datos Ver más

  • Responsable: Miguel Mamador.
  • Finalidad:  Moderar los comentarios.
  • Legitimación:  Por consentimiento del interesado.
  • Destinatarios y encargados de tratamiento:  No se ceden o comunican datos a terceros para prestar este servicio. El Titular ha contratado los servicios de alojamiento web a Banahosting que actúa como encargado de tratamiento.
  • Derechos: Acceder, rectificar y suprimir los datos.
  • Información Adicional: Puede consultar la información detallada en la Política de Privacidad.

Trending

Exit mobile version