An investigation led by Europol, an EU law enforcement agency, along with German and British police agencies, has led to the arrest of an individual from Oxford, UK, who allegedly stole roughly $11 million worth of IOTA tokens.
Europol announced the arrest of the 36-year-old suspect on January 23, 2019, and IOTA co-founder and board co-chairman Dominik Schiener recently told Reuters that the funds have now been recovered and are being held as evidence in the police investigation.
An In-Depth Look at the Case
In late 2017 and early 2018, the hacker, operating under the pseudonym “Norbertvdberg”, posed as a member of the IOTA community and gained the trust of other community members. Offering support to IOTA users, the alleged hacker led them to iotaseed.io, a scammy web portal.
Using this website, unsuspecting IOTA users purportedly generated the random and unique 81-digit passkeys that IOTA wallets require to operate normally. However, little did these users know that the hacker was able to gain access to every passkey generated on the website.
Per a statement by Europol:
“Several victims created the seed on this website in good faith, however, the seeds were stored in the background by the service provider. Later the criminal used these to gain access to the victims’ wallets and transferred their money to other wallets created with fake IDs.”
The hacker even set up a GitHub repository that supposedly contained the source code for iotaseed.io, to better gain the trust of IOTA community members. It’s often assumed that code can be trusted if it is open source and available for anyone to read, but if no one takes the initiative to vet it, it should not be trusted.
Finally, once enough unsuspecting IOTA users had generated their 81-digit passkeys, he started transferring funds from their wallets on January 19. He logged into a total of 85 wallets and transferred about $11 million worth of IOTA out of them.
To distract IOTA admins from what was happening, he also set up a DDoS diversion, which caused network traffic spikes and other unusual things.
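The theft worked because the passkeys were created on a server the victims did not control. As an added example (not code from iotaseed.io, IOTA or the original article), the sketch below generates an 81-character passkey locally from the operating system's random source, so it never leaves the user's machine. It assumes the passkey alphabet is the letters A-Z plus the digit 9, which the article does not state; the function names are hypothetical.

```python
import math
import os

# Assumption (not stated in the article): passkey characters are A-Z plus "9".
ALPHABET = "9ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SEED_LENGTH = 81  # length given in the article


def generate_seed(length=SEED_LENGTH, rand=os.urandom):
    """Build a passkey locally from the OS CSPRNG; nothing is sent anywhere."""
    # 256 is not a multiple of 27, so a plain "byte % 27" would favour some
    # characters. Accept only bytes below 243 (the largest multiple of 27).
    limit = 256 - (256 % len(ALPHABET))
    out = []
    while len(out) < length:
        for byte in rand(length):
            if byte < limit and len(out) < length:
                out.append(ALPHABET[byte % len(ALPHABET)])
    return "".join(out)


def is_valid_seed(seed):
    """Check length and alphabet before the passkey is given to a wallet."""
    return len(seed) == SEED_LENGTH and all(c in ALPHABET for c in seed)


def seed_entropy_bits(length=SEED_LENGTH):
    """Entropy of a uniformly random passkey, in bits."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    seed = generate_seed()
    print("valid:", is_valid_seed(seed))
    print("entropy: %.1f bits" % seed_entropy_bits())
    print(seed)
```

Run it on a machine you trust, ideally offline, and keep the output out of shell history and clipboard managers.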
IOTA Hacker Is Arrested
Soon after the attack in January 2018, a joint Cybercrime Action Taskforce, led by Europol’s European Cybercrime Centre, was launched. Joining the investigation was the UK’s South East Regional Organised Crime Unit (SEROCU), and the National Crime Agency (NCA) also participated in the operation.
IOTA also assisted the police investigation for months. According to Schiener, for the longest time he and the police assumed the hack was organized by a professional hacker group. However, the perpetrator turned out to be a single, well-educated individual who had a normal job.
Regarding the stolen funds, Schiener was reported as saying:
“From what we know, just a small amount of the 10 million euros has not been found,” adding: “The exchanges have blocked the hacker’s accounts. He tried to free the money, but he did not succeed.”
Last week, British police arrested the Oxford man on a number of counts, including theft, money laundering, and suspicion of fraud. Police also seized a number of his computers and electronic devices in the process.