Nov 24, 2021

Biggest Single Crypto Theft: Teen Charged with $36M SIM-Swap Heist

A Canadian has been charged with stealing C$46 million of imaginary money. Police in the city of Hamilton, near Toronto, won’t say who the alleged perp is, or even their age—aside from being a “teenager.”
The unmounted police service says the victim lost the cryptocurrency when they fell victim to a SIM-swapping attack. Yes, it’s this again—when will people learn that an insecure second factor is as bad as no authentication at all?
Get off my lawn, you pesky kids. In today’s SB Blogwatch, we vicariously visit The Electric City.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: SmugTrek:Disco.
What’s the craic? Stefanie Marotta reports—“Teen Arrested in Crypto Theft Worth $36.5 Million”:
The matter is before the courts
A Canadian teenager was arrested for allegedly stealing C$46 million ($36.5 million) worth of cryptocurrency. [It’s] the biggest crypto theft reported from one person, according to police.

Police said the victim was targeted through … SIM swapping, in which a scammer hijacks a wireless customer’s phone number to intercept two-factor authentication requests. … The Hamilton teen was arrested and charged with theft over C$5,000 and possession of property or proceeds of property obtained by crime. The matter is before the courts.

How did they find the alleged perp? Igor Bonifacic looks nice—“Canadian police arrest teen”:
A banner year
According to authorities in Hamilton, Ontario, a city about one hour west of Toronto … some of the stolen money was used to purchase a “rare” online gaming username, which eventually allowed the Hamilton Police Service, as well as FBI and US Secret Service Electronic Crimes Task Force, to identify the account holder.

2021 has been a banner year for crypto thefts. In June, investors in South Africa lost nearly $3.6 billion in Bitcoin when the founders of one of the country’s largest cryptocurrency exchanges disappeared. That same month, police in the UK seized approximately $158 million in various digital currencies.

Horse’s mouth? Krista-Lee Ernst speaks for Hamilton Police—“Arrest Made”:
Victim located in the United States
In March of 2020, Hamilton Police entered into a joint investigation with the Federal Bureau of Investigations and the United States Secret Service Electronic Crimes Task Force. The investigation focused on the theft of cryptocurrency from a victim located in the United States.

If you have any information that you believe could assist Police with the investigation into this crime you are asked to contact Detective Constable Kenneth Kirkpatrick by calling 905-546-4793. To provide information anonymously call Crime Stoppers at 1-800-222-8477.

It sounds like a large amount of money. Samantha Craggs caught up with DC KK—“Hamilton youth charged”:
It’s a large amount of money
Det.-Const. Kenneth Kirkpatrick from Hamilton Police Service’s cybercrimes unit … wouldn’t say the exact age or gender of the youth, or the username that youth bought. He also didn’t say whether the youth was acting alone.

“The amount, of course, is very surprising,” Kirkpatrick said. “That’s a large amount of money, and it’s a large amount of money in anybody’s opinion.”

Kirkpatrick said cyber and cryptocurrency crimes are increasingly common. His unit began in 2018, and educates other Hamilton police officers and the public.

SIM swapping again? MeNeXT is next:
The weakest link is a cell phone number and two-factor authentication.

Is this a problem in other countries? Pascal Monett argues it’s not:
Have a nice day
My mobe is Luxembourg-based and Luxembourg is a stickler for administrative procedure. Someone calls to say their phone is lost? No problem sir, what is the number? There, the phone is blocked. You can now go buy a new one.

Transfer to a new SIM? Sorry sir, your phone is lost, go buy a new one. You have another one? Good for you, have a nice day.

So much for crypto anonymity. Here’s SuperKendall:
This goes to show that Bitcoin, or any public blockchain cryptocurrency like it, is only as good as whoever you are transferring money to. If you transfer anything to anyone they can extract information from, they can start working back to who you are.

Wait. Pause. “Crypto” is short for cryptography. But that’s no longer a hill Lorenzo Franceschi-Bicchierai wishes to die on:
Languages are living things
Four years ago, I wrote a passionate hot take, arguing that the word “crypto” should not be used to refer to “cryptocurrency,” but to refer to “cryptography,” as it’s been the case … for more than 20 years. [But] it’s time to raise a white flag and admit we lost this war.

Everyday, non techie people … use and understand “crypto” to mean cryptocurrency. And it’s OK.

I grew up in Spain, where there is an official government-run body … whose sole mission is to preserve the correct use of the Spanish language. … I now see that as the wrong approach. Languages are living things shaped by the people who use them.

SRSLY? h2odragon agrees:
There’s money involved, you’ve lost. … Take the opportunity to choose a new, sexier name for the discipline: Obfuscationarianism, perhaps.

Meanwhile, gweihir eyerolls furiously:
Smart enough to steal. Too stupid to spend it in a way that was not obvious. Apparently this person is already a Dunning-Kruger case at a young age.

What is this annoying, smug garbage I just watched?
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.
Image sauce: Jay Tong (cc:by-nd)
Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.