Source: a video screenshot
The European Union Agency for Law Enforcement Cooperation (Europol) has arrested a man in Oxford, UK, on suspicion of stealing around USD 11.4 million worth of cryptocurrency IOTA from a total of 85 people over the past year. The Europe-wide investigation involved state police from Hesse in Germany and the National Crime Agency, aside from Europol.
Europol published a video from the arrest:
The thefts started in January 2018, when the hacker, under the screen name Norbertvdberg, reportedly provided assistance to other IOTA users. In the meantime, he set up the website iotaseed.io, which he advertised as a random seed (password) generator, according to Europol. The site offered to help IOTA users generate unique passwords that are compliant with the specifications of various IOTA wallet apps, like needing to be 81-digit-long and using certain characters.
The hacker went a step further to convince unsuspecting victims of his legitimacy, by creating a GitHub, a web-based hosting service that is most often used for code, repository that claimed to contain the source code of the iotaseed.io service – but according to an analysis from Alex Studer, a UK student, the code generated predictable passwords that the hacker was secretly logging. The password always used a fixed seed plus a counter variable that increases by one every time the program is run, making the password extremely easy to figure out.
The website ran from August 2017 until January 2018, and Norbertvdberg reportedly started stealing funds in January 2018. However, victims filed reports to authorities and the Hessen State Police in Germany started an official investigation last year. The hacker was identified in July 2018, and he was arrested yesterday, January 23rd, on charges of fraud, theft, and money laundering.
Profitable year for scammers
Meanwhile, the scamming business in the cryptoverse, unfortunately, remains as lucrative as ever. According to a report from blockchain analysis firm Chainalysis, scammers made off with USD 36 million in ETH throughout 2018. For comparison, in 2017, they made USD 17 million – doubling their income in the next year. And this is only for scammers, or those who simply ask for the money by promising to send back a bigger amount – hackers, defined as malicious actors who exploit bugs and malware to steal cryptocurrency are usually making even bigger bucks.
Ponzi schemes were the preferred method of duping the gullible in 2018, according to the report. Scammers simply send out emails to cryptocurrency owners, or tweet at them, asking them to contribute money for which they’d see a guaranteed return. Of course, the return was simply derived from other people contributing to the pot, not from any genuine investment. Another method that brought on significant losses was the fake ICO (initial coin offering) method, which simply saw the malicious actors raise funds and pull exit scams, never to be heard from again.