Indian man stole $37 million in crypto using fake Coinbase Pro site
An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials.
Chirag Tomar, 30, was arrested at the Atlanta airport on December 20, 2023, following investigations by the U.S. Secret Service with assistance from the FBI in Nashville.
Stealing Coinbase credentials
Tomar and his co-conspirators created a fake website to mimic the Coinbase Pro website in June 2021 using the "coinbasepro.com" domain.
The site was created to trick legitimate Coinbase customers into entering their login credentials and two-factor authentication codes, thinking it was the actual site.
Coinbase Pro is a now-defunct platform designed for professional cryptocurrency traders and investors, offering advanced features like real-time order books and detailed charting.
The platform was eventually shut down on November 9, 2022, with its functionality and features being integrated into the main Coinbase platform in a consolidation move by the service.
During that time, Tomar engaged in phishing Coinbase accounts, assuming control of other people's cryptocurrency wallets and then transferring their funds onto wallets under his control.
The phishing process involved social engineering, with a fake login error prompting the victims to call a supposed Coinbase representative, who then breached the victim's computer using remote access software.
"Other times, victims were tricked into allowing fake Coinbase representatives into executing remote desktop software, which enabled fraudsters to gain control of victims' computers and access their legitimate Coinbase accounts," reads the DOJ's announcement.
"The fraudsters also impersonated Coinbase customer service representatives and tricked the users into providing their two-factor authentication codes to the fraudsters over the phone."
One case highlighted in the U.S. Department of Justice announcement involves a North Carolina-based victim losing $240,000 worth of digital assets to Tomar and his co-conspirators.
"As Tomar admitted in court today, Tomar controlled several cryptocurrency wallets that received hundreds of transactions of cryptocurrency stolen from victim accounts at Coinbase, totaling tens of millions of dollars," the Department of Justice describes.
"After Tomar received the stolen cryptocurrency, he would quickly convert it to other forms of cryptocurrency or move the funds amongst many wallets controlled by Tomar and others."
"Ultimately, the cryptocurrency was converted into cash which was then distributed to Tomar and his co-conspirators."
Tomar used the stolen funds to support a lavish lifestyle, purchasing luxury items such as Rolex watches, Lamborghinis, and Porsches and trips to Dubai and Thailand.
The fraudster now faces a maximum prison sentence of 20 years and a fine of $250,000. The dates of the next hearings and sentencing have yet to be determined.
source: BleepingComputer
Free security scan for your website
Top News:
Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)
November 18, 2024CWE top 25 most dangerous software weaknesses
November 21, 2024Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor
November 21, 2024Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
November 23, 2024Download: CIS Critical Security Controls v8.1
August 8, 2024Hackers now use AppDomain Injection to drop CobaltStrike beacons
August 24, 2024