An Indian citizen has been found guilty in the United States over allegations of stealing more than $37 million by creating a website that mimicked the cryptocurrency trading platform Coinbase, in effect a fake Coinbase.
Fake Coinbase: how it came about and who created it
Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy for defrauding multiple people in a cryptocurrency scam using a phony Coinbase site. The charge carries a maximum sentence of 20 years in prison and a $250,000 fine. He was arrested on December 20, 2023, upon entering the country.
“Tomar and his accomplices [in the fake Coinbase] organized a scheme to steal millions in cryptocurrency from hundreds of victims around the world and throughout the United States, including the Western District of North Carolina,” the Department of Justice (DoJ) said last week.
The website, created around June 2021, was called “CoinbasePro[.]com” (in effect, the fake Coinbase led victims to believe it was a “pro” version of the real one) in an attempt to masquerade as Coinbase Pro and trick unsuspecting users into believing they were accessing the legitimate version of the virtual currency trading platform.
It is worth noting that Coinbase discontinued the offering in favor of Advanced Trade in June 2022, a further sign that CoinbasePro was the fake Coinbase; the gradual migration of Coinbase Pro customers to Coinbase Advanced was completed on November 20, 2023.
How Victims Were Lured to “Fake Coinbase”
Victims who entered credentials on the fake Coinbase site had their login information stolen by scammers and, in some cases, were tricked into granting remote desktop access, which allowed cybercriminals to access their legitimate Coinbase accounts.
“The scammers also impersonated Coinbase customer service representatives and tricked users into giving their two-factor authentication codes to the scammers over the phone,” the DoJ said, adding: “Once the scammers had accessed the victims’ Coinbase accounts, they quickly transferred victims’ cryptocurrencies to cryptocurrency wallets under the control of the scammers.”
In one case highlighted by prosecutors, an unidentified fake Coinbase victim located in the Western District of North Carolina lost over $240,000 in cryptocurrency this way after being tricked into calling a fake Coinbase representative under the guise of blocking their trading account.
Tomar is believed to have been in possession of several cryptocurrency wallets that received stolen funds totaling tens of millions of dollars, which were later converted into other forms of cryptocurrency or transferred to other wallets and finally cashed out to finance a luxurious lifestyle.
This included expensive watches from brands such as Rolex, the purchase of luxury vehicles such as Lamborghini and Porsche, and several trips to Dubai and Thailand.
The arrest of the authors of the fake Coinbase
The development in the fake Coinbase investigation comes as a special investigation team (SIT) associated with the Criminal Investigation Department (CID) in the Indian state of Karnataka has arrested Srikrishna Ramesh (also known as Sriki) and his alleged accomplice Robin Khandelwal for the theft of 60.6 bitcoins from a cryptocurrency exchange company called Unocoin in 2017.
That is how it came to light where the money went after it passed through the fake Coinbase.
US takes action against North Korea’s army of freelance IT workers
The Coinbase clone (the fake Coinbase) is only the tip of the iceberg that started a series of events.
In fact, the fake Coinbase case is followed by a new wave of arrests in the United States in connection with a multi-year scheme designed to help IT workers linked to North Korea obtain remote jobs at more than 300 U.S. companies and advance the country’s weapons of mass destruction program in violation of international sanctions.
Among the arrested parties is a 27-year-old citizen of Ukraine, Oleksandr Didenko, accused of creating fake accounts on IT job search platforms in the United States and selling them to foreign IT workers to gain employment.
He is also believed to have operated a now-dismantled service called UpWorkSell, which advertised the “ability for remote IT workers to purchase or rent accounts in the names of identities other than their own on various online freelance IT job search platforms.”
According to the affidavit in support of the complaint, Didenko operated approximately 871 “proxy” identities, provided proxy accounts for three freelance IT hiring platforms in the United States, and provided proxy accounts for three different US-based money services transmitters.
Those involved are not just North Koreans
Didenko’s accomplice, Christina Marie Chapman, 49, was also arrested for running what is called a “laptop farm” by hosting multiple laptops at her residence for North Korean IT workers to give the impression they were in the U.S. and apply for remote work positions in the country.
“The conspiracy […] generated at least $6.8 million in revenue for foreign IT workers,” Chapman’s indictment said, adding that the workers obtained jobs at numerous top U.S. companies and exfiltrated data from at least two of them, including a multinational restaurant chain and a classic American clothing brand.
Charges were also filed against Minh Phuong Vong of Maryland, a Vietnamese citizen and naturalized American, for conspiring with an unknown party to commit wire fraud by obtaining employment at U.S. companies when, in reality, remote IT workers located in China posed as Vong to work on the government’s software development project.
There are indications that the second individual, referred to as “John Doe,” is North Korean and works as a software developer in Shenyang, China.
Further developments
“Vong […] did no software development work,” the DoJ said. “Instead, Vong worked at a nail salon in Bowie, Maryland, while an individual or individuals located in China used Vong’s login credentials to connect to a secure government website, perform software development work, and attend regular online business meetings.”
At the same time, the DoJ said it had taken control of as many as 12 websites that were used by IT workers to obtain remote work contracts under the guise of US-based IT services companies that offered artificial intelligence, blockchain and cloud computing solutions.
As previously revealed in court documents late last year, these IT workers, part of the Workers’ Party of Korea’s Department of Munitions Industry, are known to be sent to countries such as China and Russia, from where they are hired as freelancers with the end goal of generating revenue for North Korea.
“North Korea is evading US and UN sanctions by targeting private companies to illicitly generate substantial revenue for the regime,” the US Federal Bureau of Investigation (FBI) said in an alert.
“North Korean IT workers use a variety of techniques to obfuscate their identities, including using US-based individuals, both knowing and unknowing, to obtain fraudulent employment and access to US corporate networks to generate this revenue.”
A recent report from Reuters has revealed that North Korean cybercriminals have been linked to 97 suspected cyberattacks on cryptocurrency companies between 2017 and 2024, obtaining illicit profits of 3.6 billion dollars.
Adversaries are estimated to have laundered the $147.5 million stolen from the attack on cryptocurrency exchange HTX last year through the virtual currency platform Tornado Cash in March 2024.