The European Union Agency for Law Enforcement Cooperation (Europol) executed six arrests in connection with an investigation into an international $27 million heist that scammed victims into depositing funds at a fake crypto exchange.
In a joint effort between Europol, UK’s South West Regional Cyber Crime Unit, and Dutch police, the five men and one woman were arrested in their homes across the two nations after a 14-month long investigation.
The $27 million figure given is expected to grow as more victims come forward. Currently, at least 4,000 victims across 12 countries have suffered losses, according to law enforcement estimates.
Information about the massive crypto crime ring remains scant. Europol states that the gang was running a website that impersonated a “well-known online cryptocurrency exchange.” It is unknown which exchange it was.
Using “typosquatting” – where URLs are misspelled, tricking victims into thinking they are on the right page – the legitimate cryptocurrency exchange was spoofed, giving the thieves access wallets and login information.
Victims would then, believing they were on the right site, divulge sensitive information to the criminals, allowing them steal their crypto funds.
Cybercriminals continue to circle cryptocurrency exchanges as easy targets. These entry points to the space have been walloped in the past few years, with a recent high-profile case affecting popular exchange Binance.
Earlier this year, Binance was hacked for $44 million, which forced the major exchange to increase its own security. But, as the Europol report notes, there are other ways in which hackers can target their victims.
The hype and excitement around cryptocurrencies can often blind individuals to security risks. In fact, a similar typosquatting attack seized on the launch of Facebook’s Calibra wallet.
Following the announcement, a fake website spoofing the Calibra wallet site emerged with an intentional typo in the URL line. The i in Calibra was replaced with the Latin letter Ì, a difference too minuscule for most users to notice.
Europol continues to play a prominent role in unraveling crypto crime rings.
In January, the agency nabbed a British man who allegedly stole $11.4 million worth of the IOTA cryptocurrency.
Europol also had a part to play in taking down cryptocurrency-mixing service BestMixer.io as part of an anti-money laundering crusade.