The Civil Guard resolves a case of hacking and theft at a cryptocurrency custody company worth 6 million euros (USD $6.7 million)
The Spanish Civil Guard reported in a press release this week that it has solved a case of hacking and theft at a cryptocurrency custody company worth 6 million euros (USD $6.7 million).
In the so-called Operation 3COIN, the agency dismantled a group of cybercriminals who, in the summer of 2020, attacked a Spanish company dedicated to cryptocurrency custody and stole that amount of money, which actually belonged to thousands of investors.
These facts were brought to the attention of the Department Against Cybercrime of the Central Operational Unit (UCO) of the Civil Guard, which, in view of the high number of people affected and the value of what was stolen, began the investigation.
According to the agency, it was a “highly sophisticated” hack. In this regard, it highlights:
“The movements of the stolen cryptocurrency, masked in a complex money laundering system, were followed up; this was greatly hindered by the raison d’être of the cryptocurrency itself: the anonymity of the transactions.”
The agency reported that RAT (Remote Access Trojan) malware, better known as a Trojan, was used on the company’s computers. Given the type of malware and the time the authors spent inside the company’s systems, the investigators came to think that “behind this attack could be authors of the APT type (Advanced Persistent Threats), linked to sophisticated groups of cybercriminals.”
Origin of the attack: a pirate movie
Likewise, the Guard says that as the investigators delved into the origin of the attack on the crypto asset custody company, “it was concluded that it had its origin in the illegal download of a movie from a ‘pirate’ multimedia content portal by an employee of the aforementioned company.”
It reports that the files of that movie contained a highly sophisticated computer virus that allowed the attackers to take complete control of the employee’s computer and use it as cover to gain access to the company. “This download occurred more than half a year before the events, allowing the attackers to learn in detail all the internal processes of the company and prepare the computer attack,” it adds.
It goes on to explain: “This attack occurred in the middle of summer, once they knew all the procedures, characteristics and structure of the company, accessing through an interposed computer network to give the transaction order for cryptocurrencies worth 6,000,000 euros.”
Likewise, the stolen cryptocurrencies were transferred to wallets under the control of the attackers, “where they were immobilized for more than six months so as not to attract police attention. It was after that time, once they felt safe, that they started moving the cryptocurrencies using a complex network of money laundering electronic wallets.” All, without a doubt, very well prepared.
Step-by-step investigation
Through the various avenues of investigation opened by the agents, it was possible to identify the alleged operator of the illegal download website from which the computer virus that led to the attack was distributed.
Other open avenues of technological investigation allowed the identification of four more people who supposedly received part of the stolen cryptocurrencies, all of them with no apparent relationship to each other.
For all these reasons, in November 2021, agents of the UCO Department Against Cybercrime carried out four house searches in the provinces of Tenerife, Bilbao and Barcelona and arrested four people, seizing computer equipment as well as cryptocurrencies worth 900,000 euros related to the theft.
After analyzing the material seized in these searches, the agents were able to verify traces of the alleged authorship of the attack by one of the detainees; they located the Trojan-type malware used and traced the cyberattack, as well as the initial movements of the stolen cryptocurrencies and their payment to the owner of the download website from which the virus was launched.
Once the alleged authorship of the cyberattack was verified, the investigation focused on identifying the possible recipients of the stolen cryptocurrencies and their link with the first detainee, leading the investigators to another individual, who received at least 500,000 euros in stolen cryptocurrency.
The Guard says that this week, in the latest phase of the operation to date, another person was placed under investigation, who exercised control over the alleged perpetrator through the consumption of drugs linked to rituals such as the Bufo toad. These rituals consist of smoking bufotenin, the poison extracted from the Sonoran toad or Bufo alvarius, one of the most powerful hallucinogens out there.
The Guard says that both the victim and the cybersecurity company that assisted it facilitated a very fluid exchange of information, “which was of capital importance in the resolution of this investigation.”
The operation was carried out by agents of the Department Against Cybercrime of the Central Operational Unit of the Civil Guard and directed by the Court of Instruction number 12 of Madrid.
Sources: Civil Guard statement, archive
Version by DiarioBitcoin
Picture: Unsplash
WARNING: This is an informative article. DiarioBitcoin is a means of communication; it does not promote, endorse or recommend any investment in particular. It is worth noting that investments in crypto assets are not regulated in some countries. They may not be suitable for retail investors, as the full amount invested could be lost. Check the laws of your country before investing.