Police officers from the UK’s South East Regional Organised Crime Unit (SEROCU) have arrested a 36-year-old British man in Oxford, who was identified by their German counterparts from the Hessen State Police as a suspect in the theft of more than €10 million ($11.4 million) worth of IOTA in January 2018.
In a statement released on the Europol website, it was revealed that the unnamed suspect used a malicious IOTA seed generator available at www.iotaseed.io to obtain backdoor access to user wallets over the course of six months from August 2017, culminating in the attack on January 19, 2018, when he began logging into user wallets and transferring funds without their knowledge.
IOTA Wallet Seed Theft
To gain the trust of his marks, the hacker, who went by the pseudonym Norbertvdberg, posed as a bona fide member of the IOTA community, offering support to IOTA users and linking them to iotaseed.io, which purportedly generated random and unique 81-digit passkeys that IOTA wallets require to function.
He even created a GitHub repository that supposedly contained the source code of iotaseed.io, knowing full well that most users would never actually check the code or know what to look for if they did so. In fact, as it turned out, iotaseed.io was merely generating predictable seeds that the hacker secretly logged for six months as he cast a wide net for potential victims.
After deciding that he had gathered enough seeds to exploit profitably, Norbertvdberg sprang into action on January 19, logging into 85 user wallets and transferring about €10 million worth of IOTA to a wallet he controlled. In the course of the theft, he even set up a DDoS diversion for IOTA admins, tying them up with difficulties caused by spiking network traffic so that they would not notice several suspicious transactions being made.
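The predictable seeds described above looked like any other seed, which is why users had no way to spot the problem from the output. The following added example (not code from iotaseed.io, its GitHub repository or the IOTA project) contrasts a seed drawn locally from the operating system's CSPRNG with a constructed stand-in for a predictable generator. The tryte alphabet (A-Z plus 9), the function names and the state value are assumptions not taken from the article.

```python
import random
import secrets

# IOTA seed alphabet (trytes): 26 letters plus '9'. Not stated in the article.
TRYTE_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ9"
SEED_LENGTH = 81


def generate_seed_csprng() -> str:
    """Generate a seed locally from the OS CSPRNG, using rejection sampling."""
    out = []
    while len(out) < SEED_LENGTH:
        for b in secrets.token_bytes(SEED_LENGTH):
            # 243 = 9 * 27 is the largest multiple of 27 below 256. Bytes
            # >= 243 are discarded so every tryte is equally likely.
            if b < 243 and len(out) < SEED_LENGTH:
                out.append(TRYTE_ALPHABET[b % 27])
    return "".join(out)


def generate_seed_predictable(state: int) -> str:
    """Constructed stand-in for a predictable generator: a PRNG seeded with a
    value a third party can know. Not a reconstruction of the site's code."""
    rng = random.Random(state)
    return "".join(rng.choice(TRYTE_ALPHABET) for _ in range(SEED_LENGTH))


def is_well_formed(seed: str) -> bool:
    """Format check only. A predictable seed passes it as well."""
    return len(seed) == SEED_LENGTH and set(seed) <= set(TRYTE_ALPHABET)


def reproducible_from_state(seed: str, known_state: int) -> bool:
    """True if the seed can be regenerated from a known PRNG state."""
    return generate_seed_predictable(known_state) == seed


if __name__ == "__main__":
    weak = generate_seed_predictable(20180119)  # constructed state value
    strong = generate_seed_csprng()
    # Both seeds are well formed; only the weak one can be regenerated.
    print(is_well_formed(weak), reproducible_from_state(weak, 20180119))
    print(is_well_formed(strong), reproducible_from_state(strong, 20180119))
```

Passing the format check says nothing about how a seed was produced, so the only dependable control is to generate it offline with a trusted random source.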
Reports, Investigation, and Arrest
According to the statement, it all began to unravel for the hacker when several users filed complaints with the Hessen State Police in Germany, resulting in an investigation that also brought in the UK National Crime Agency and Europol. Norbertvdberg apparently made attempts to delete his internet footprint by removing his available profiles on Reddit, Quora and GitHub.
Despite this, the investigation was able to identify him, and in July 2018 the case was referred to the Joint Cybercrime Action Taskforce (J-CAT) under Europol’s European Cybercrime Centre (EC3). The coordination across different EU member states on this case marks the first time that a cryptocurrency theft has been assigned this level of priority by EU law enforcement, as regulators increasingly come to understand cryptocurrency theft as a real crime.
Following his arrest, he is expected to be extradited to Germany to face trial on charges of fraud, theft and money laundering.