ChiragTomar,a31-year-oldIndiancitizen,wassentencedtofiveyearsinfederalprisonfororchestratingacryptocurrencyfraudschemethatdefraudedhundredsofvictimsoutofmorethan$20million.
U.S.DistrictJudgeKennethD.Bellhandeddownthesentence,whichalsoincludedtwoyearsofsupervisedrelease.
ScammersImitateCoinbasetoStealMillions
Accordingtocourtdocuments,Tomarandhisco-conspiratorsexecutedthefraudby“spoofing”awebsitedesignedtoimitatethelegitimatecryptocurrencyexchangeCoinbase.
FromJune2021,thegroupsetupafraudulentversionoftheexchange’sprofessionaltradingsite,Pro.Coinbase.com,usingafakeURL,CoinbasePro.com.VictimswhoattemptedtologintotheirCoinbaseaccountsweretrickedintoprovidingtheirlogincredentials.
OneofthetacticsusedinvolvedimpersonatingCoinbasecustomerservicerepresentativesandconvincingvictimstohandovertwo-factorauthentication(2FA)codes.Inotherinstances,fraudstersinstructedtheseindividualstoinstallremotedesktopsoftwarethatwouldgivethemfullcontroloftheircomputers.
Tomarusedtheill-gottencredentialstoaccessmultiplevictimaccountsandtransferfundstowalletsunderhiscontrol.Hethenconvertedthecryptocurrencyintootherdigitalassets,movingthembetweenseveralwalletstohidethetransactions.Eventually,thefundswereconvertedintocashanddistributedamongstthecriminalgroup.
The31-year-oldusedthestolenmoneytofundalavishlifestyle,purchasingluxurywatcheslikeAudemarsPiguet,high-endvehicleslikeLamborghinisandPorsches,andtravelingtodestinationssuchasDubaiandThailand.
$240,000TheftandArrest
Theschemeimpactedtargetsfromallovertheworld,includingthosebasedinNorthCarolina’sWesternDistrict.InFebruary2022,alocalattemptedtoaccesshisCoinbaseaccountthroughthespoofedsite.ThefakewebsiteinstantlyalertedthemthattheiraccountwaslockedanddirectedthemtocallanumberprovidedtoreachafakeCoinbaserepresentative.
Thesupposedrepresentativethendeceivedthemintogivinguptheir2FAdetails.Thisallowedthefraudstersaccesstotheirtarget’slegitimateCoinbaseaccount.Withthisinformation,thecriminalsstoleover$240,000worthofcryptocurrencyfromtheaccount’sassociatedwallet.
Itisnotthefirsttimesuchincidentshaveoccurred.In2021,authoritieschargedSoufianceOulahyawithstealing$450,000incryptocurrenciesandNFTsfromaManhattanvictimbyspoofingtheOpenSeamarketplace.
Additionally,ConvexFinancehadtointroducetwoalternativenewURLsafteritsDNSwashijackedinaspoofingattack,whichcauseduserstoapprovemaliciouscontractsunknowingly.Followingconfirmationofthehijack,Convexrevealedthatfivewalletshadbeenaffected,thoughverifiedcontractsremainedsecure.
Themenaceisn’tconfinedtocryptoalone.In2020,JPMorganwasfinednearly$1billionbyU.S.authoritiesforitsspoofingpracticesinmetalsfuturesandTreasurysecuritiesafterbeingimplicatedintheFinCENfilesforallegedlylaunderingasmuchas$2trillionworthof“dirtymoney.”
cryptopotato.com