Bitcoin News — Crimes

Swedish Man Sentenced After Sending Bomb to Crypto Firm Over Lost Password

Posted by Helen Partz on

A Swedish man was sentenced to six and a half years in prison after sending a bomb to employees of the Cryptopay Bitcoin wallet, debit card service, and exchange platform.

A Swedish court has sentenced a man to six and a half years in prison after he sent a "potentially lethal homemade bomb” to a U.K.-based crypto firm, BBC reports today, Nov. 9.

Jermu Michael Salonen, 43, faced several charges in the Stockholm District Court, including sending a bomb to Cryptopay employees in London, and mailing a white powder to Swedish politicians — including the prime minister.

Salonen was allegedly attempting to take revenge on the firm for refusing to change his password on the Cryptopay platform in August 2017. As BBC reports, Cryptopay refused the request, as such a change would contravene company policy.

Salonen sent an explosive device in a padded envelope addressed to two Cryptopay employee’s in Hackney, London in November 2017, and the package was delivered to an accounting firm previously used by Cryptopay.

Several months later in March 2018, a worker at the office began opening the package, but stopped when he became suspicious of the contents. The package was referred to the Met Police Counter Terrorism Command who forwarded DNA information from the bomb to Interpol, alerting Swedish authorities to Salonen’s activities. According to BBC, Salonen was already known to Swedish police.

Founded in late 2014, Cryptopay is a Bitcoin (BTC) wallet, debit card service, and exchange for U.K. and European Union clients. Cryptopay co-founder George Basiladze told Cointelegraph that the firm had changed offices a “few months before the parcel was delivered.” No one was hurt in the incident, and “none of [Cryptopay’s] employees have ever worked at that address.”

Following the recent news, Cryptopay subsequently tweeted that resetting a password is “no problem,” in case it is forgotten:


Source: Cryptopay Twitter

On Oct. 31, a number of firms in Amsterdam faced another case of crypto extortion by email, with an anonymous individual threatening an attack with hand grenades if they did not send 50,000 euro ($57,000) to his Bitcoin wallet.

Earlier this year, Cointelegraph reported that Russian crypto blogger and trader Pavel Nyashin has been found dead in his apartment in Saint Petersburg. Nyashin had been previously assaulted, when attackers stole around $425,000 in cash after he boasted of his crypto wealth online. While an investigation was opened subsequently in May, there is still no news on the matter.

Read more →

U.S. Law Firm Files Claims Against AT&T, T-Mobile Over SIM Swap-Enabled Crypto Thefts

Posted by Marie Huillet on

U.S. crypto investor law firm Silver Miller has filed arbitration claims against telecoms giants AT&T and T-Mobile on behalf of crypto holders who suffered thefts due to “SIM-swaps.”


U.S. crypto investor law firm Silver Miller has filed arbitration claims against telecoms giants AT&T and T-Mobile for “SIM-swap”-related thefts, according to a press release published Nov. 8

SIM-swapping – also known as a ‘port-out scam’ – involves the theft of a cell phone number in order to hijack online financial and social media accounts, enabled by the fact that many firms  use automated messages or phone calls to handle customer authentication.

According to one of the (partially redacted) Silver Miller Statement of Claim documents – filed against AT&T on behalf of crypto holders who allegedly suffered thefts via sim-swapping – the Dallas-based telecoms “behemoth” had operating revenues of over $160 billion and assets of over $444 billion as of 2017.

The claim alleges that “as a result of AT&T’s failures,” Silver Miller’s client was robbed of crypto asset holdings worth over $621,000 in a SIM swap, even after AT&T had assured him it had heightened security on his account following an earlier attempted hack.

As Silver Miller contends, AT&T is well-aware of the “pervasive harm” posed by SIM-swaps, having issued “public advisories” in the past warning that the threat is “industry-wide” and assuring the public of its safeguards against the practice.

AT&T is accused of acting “as a co-conspirator to the theft or through abject negligence” by transferring the account holder’s cell phone number to the attacker, and “exhibiting bad faith through its conscious awareness of and deliberate indifference to the risk to Claimant’s Personal Information.”

As per Silver Miller, AT&T’s failures further included “improperly hiring, training, and supervising its employees,” and “failing to invest in adequate security protections.”

According to the press release, other cases filed by the firm against T-Mobile pertain to victims who lost  $400,000 and $250,000 respectively, in similar SIM-swap incidents.

This summer, Cointelegraph interviewed Michael Terpin, an American blockchain and long-time crypto investor, who has sued AT&T for negligence that allegedly resulted in the theft of over $24 million in crypto holdings.

Terpin, who co-founded BitAngels in 2013 and, more recently, blockchain PR firm Transform Group, emphasized that many “smaller” crypto tokens cannot be kept in cold storage, and that – particularly if staked – they must be kept in a native wallet. They are thus more vulnerable to negligence, or even alleged complicity by the gatekeepers of user identity data. He advised investors to use a “Google voice” number, as:

“[Y]ou have to have something that does not have a retail store where a $10-an-hour employee can be bribed to give up your information and your digital life.”

Read more →

US SEC Charges, Fines EtherDelta Founder with Operating Unregistered Securities Exchange

Posted by Ana Berman on

U.S. securities watchdog charges Zachary Coburn, founder of crypto trading platform EtherDelta, with operating an unregistered exchange.

The U.S. Securities and Exchange Commission (SEC) has charged Zachary Coburn, the founder of crypto token trading platform EtherDelta, with operating an unregistered securities exchange, a press release by the SEC reveals Thursday, Nov. 8.

EtherDelta, which served as a secondary marketplace for trading ERC20 tokens, allows its users to buy and sell digital assets by means of an order book and smart contracts based on the Ethereum blockchain.

According to the SEC, over an 18-month operating period, EtherDelta's users placed more than 3.6 million orders for tokens, including ones that are considered securities by U.S. federal laws.

The regulator notes that most of the orders were executed after the DAO report that SEC had released in June 2017. Under the current law, EtherDelta was obliged to register in U.S. or to apply for an exemption; however, the SEC notes that the platform failed to do so.

According to the regulator, EtherDelta founder Coburn neither admitted nor denied the findings, but he consented to cooperate and to pay the state $300,000 in unlawful profits. Moreover, he agreed to pay $13,000 in prejudgment interest and a $75,000 penalty. The SEC also states that it would have imposed a greater fine if Coburn had failed to cooperate with the investigators.

As Cointelegraph previously reported, the SEC suspended securities trading in October of Nevada-based firm American Retail Group, Inc. for making false claims that its cryptocurrency trading activities were approved by the regulator.

In early November, the SEC reported that it is currently taking action against “dozens” of fraudulent Initial Coin Offerings (ICOs). The annual enforcement report for the 2018 fiscal year mentioned several illicit ICOs, three of which defrauded investors of over a combined $68 million.

Read more →

South Korea: Four ‘Young’ Hackers Booked in Cryptojacking Case Targeting Over 6,000 PCs

Posted by Marie Huillet on

Four “young” hackers have been arrested in South Korea in a major cryptojacking case involving over 6,000 computers.

Four “young” hackers have been arrested in a cryptojacking case involving over 6,000 computers in what is allegedly South Korea’s “first” known case of its kind, Korean English-language news outlet Aju Daily reports Nov. 8.

Cryptojacking is the practice of using a computer’s processing power to mine for cryptocurrencies without the owner’s consent or knowledge.

Aju Daily cites a statement from the National Police Agency's cyber bureau that clarified that the four accused had not been detained, but would face a trial for allegedly infecting 6,038 PCs with malicious mining malware, which had been concealed in job application documents sent via email.

The cryptojacking campaign is said to have lasted two months as of October 2017, but resulted in mined crypto worth only worth around one million won ($895).

According to daily South Korean newspaper Hankyoreh, the mined crypto was anonymity-oriented altcoin Monero (XMR), which frequently features in cryptojacking cases that employ the “Coinhive” code — a program created to mine XMR via a web browser. According to a study published this summer, around 5 percent of all XMR in circulation has been mined surreptitiously through cryptojacking, a figure that was noted to likely be “too low.”

Hankyoreh similarly reports that the case is the first in the country to have drawn the attention of the police authorities. The newspaper notes that some of the emails masking the malware resembled real resumes, resulting in the infection of computers used by human resources (HR) staff, adding that the hackers targeted 32,435 people in total. A police official told Hani that:

"Security firms quickly responded to the spread of malware, and [the hackers’] revenue was not very high. Most of the cases were detected by anti-virus software within 3 ~ 7 days. When it was detected, the hackers sent further malware, but it was soon detected again.”

In a global context, the South Korean case is dwarfed by other cryptojacking campaigns; in July, 20 suspects were arrested in China in a major case that allegedly affected over one million computers and generated 15 million yuan (around $2.2 million) in illicit profits.

Read more →

Three Thai Siblings Accused of $24 Million Bitcoin Scam Plead ‘Not Guilty’

Posted by Ana Berman on

Three Thai siblings accused of swindling $24 million worth of Bitcoin from a Finnish investor have recently pleaded “not guilty” in a Bangkok court.

Three Thai citizens who are currently being prosecuted for allegedly swindling $24 million worth of Bitcoin (BTC) have pleaded “not guilty” in the Criminal Court of Bangkok, major Thai newspaper Bangkok Post reports Wednesday, Nov. 7.

During the hearings, Thai prosecutors accused the three defendants and six accomplices of defrauding 21-year-old Finnish investor Aamai Otava Saarimaa back in 2017. According to the investigation, he was persuaded to buy shares in Expay Software Co, invest in a gambling-focused crypto token Dragon Coin (DRG), and buy 500 million shares in DNA (2002) Co, which he consequently did by transferring crypto to the siblings’ wallets.

The prosecutors claim that after receiving the money, the Jaravijit family bought several blocks of land in Thailand. Saarimaa, in his turn, received no profit and later complained to the Thai Crime Suppression Division (CSD).

The three Jaravijit siblings, charged with conspiracy to defraud and money laundering, have recently pleaded “not guilty.”

Two of the siblings, Jiratpisit (a Thai actor known as “Boom”) and Supitcha, were arrested in August and then released on bail of $61,000 each. Their elder brother, Prinya Jaravijit, managed to flee to the U.S. in an attempt to avoid the charges.

However, in October, the Thai CSD revoked the Prinya Jaravijit’s passport — making his stay in the U.S. illegal — in order to force his return. After arriving in Bangkok, Jaravajit was then detained without bail and is currently being held in the Bangkok Remand Prison.

Read more →