Theft of $243 Million in Cryptocurrency: A Sophisticated Social Engineering Attack
In August, a remarkable $243 million cryptocurrency theft took place, targeting a single Genesis creditor. According to blockchain investigator ZachXBT, this elaborate operation involved three individuals employing advanced social engineering techniques.
Details of the Attack
The attackers, identified as Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano), executed a meticulously planned multi-step attack that compromised both the victim’s personal and exchange accounts.
Step-by-Step Breakdown
- Initial Contact: On August 19, the attackers called the victim while impersonating Google Support from a spoofed phone number and used that pretext to gain access to the victim’s personal accounts. (Google does not place unsolicited support calls about account intrusions; such a call is itself the warning sign.)
- Exchange Account Manipulation: They then posed as Gemini support representatives and convinced the victim that their exchange account had been compromised. Acting on that claim, the victim reset their two-factor authentication, the step that removed the one control standing between the attackers and the account.
- Fund Transfer: Under the attackers’ direction, the victim transferred funds to a wallet controlled by the attackers.
- Remote Access: The attackers further convinced the victim to install AnyDesk, a remote desktop application. This gave them a view of the victim’s screen (and, with AnyDesk, the ability to control the machine), which they used to extract private keys from Bitcoin Core.
Significant Findings
The on-chain record shows a transfer of 4,064 BTC on August 19 at 4:05 A.M. UTC, under the transaction hash 4b277b…fbe9090.
Victims and Fallout
A private video obtained by ZachXBT showed the criminals reacting in real time as they received $238 million. The stolen funds were rapidly laundered through more than 15 exchanges and swapped between Bitcoin, Litecoin, Ethereum, and Monero to break the trail; the Monero hops in particular hinder tracing, since Monero’s ledger hides sender, recipient, and amount.
Identification of One Attacker
One key figure, Wiz (Veer Chetal), was identified when he inadvertently revealed his name during a screen-sharing session. Accomplices frequently referred to him as “Veer” in audio recordings and chats. Currently, approximately $34.5 million of his assets sit at the Ethereum address 0x3c7a5f2795e73d2b94a9120a643f608cfc45c935.
The Broader Implications
This sophisticated operation demonstrates the evolving tactics employed by cybercriminals in the cryptocurrency domain, emphasizing the effectiveness of social engineering over technical exploits: no software vulnerability was needed, only a convincing phone call and the victim’s cooperation at each step. It underscores the necessity for enhanced security measures and increased user vigilance, even among seasoned participants in the crypto landscape.
ZachXBT’s work has already contributed to multiple arrests and the freezing of millions in assets, illustrating the growing effectiveness of blockchain analysis in tracing illicit activities. The incident serves as a significant reminder of the risks associated with digital assets and the critical need for robust security protocols.
Notable Case: Mark Cuban
While the victim in this case has not been disclosed, it is worth noting that Mark Cuban’s Google account was compromised using similar tactics earlier in June. Cuban tweeted:
“Hey @google @sundarpichai. I just got hacked at my [email protected] because someone named Noah at your 650-203-0000 called and said I had an intruder and spoofed recovery methods[…] If anyone gets anything from [email protected] after 3:30 PM PST, it’s not me.”
Cuban is a well-known advocate for cryptocurrencies and a high-net-worth individual, and while his Google account was recovered within 24 hours, there has been no official disclosure indicating he was the victim of this particular crime.