Home / Archive / South Korean Police, FBI Bust International XRP Phishing Scam

South Korean Police, FBI Bust International XRP Phishing Scam

Last Updated March 4, 2021 3:40 PM
Conor Maloney
Last Updated March 4, 2021 3:40 PM

A phishing scam which stole over $800,000 worth of XRP from dozens of victims in South Korea and Japan has been busted in a joint operation between the Seoul police cybercrimes division and the FBI.

Two people have been arrested so far in relation to the operation, a computer programmer and his employer, according to a local report . It is alleged that the programmer, a 42-year-old office worker, was hired by the mastermind of the operation to replicate a Ripple exchange website. The mastermind then spoofed or impersonated the real exchange’s email account and contacted users saying their funds had been frozen.

The email contained a link to the fake website, where 24 Korean investors and 37 Japanese investors were convinced to enter their login details which were then recorded by the scammer and used to gain access to user funds on the real exchange site. While the scam exclusively targeted Korean and Japanese citizens, the FBI may have gotten involved last December due to the fact that Ripple is an American company.

Local media outlet JoonAng Ilbo reports that the lead scammer transferred the stolen XRP into the local fiat currency, the Korean won, and used the funds on to pay for five-star accommodation in a high-end apartment complex as well as other luxury items and services.

Supposedly the mastermind behind the operation became involved in phishing after he himself fell victim to an exchange hack in 2014, losing all of his investment. After the investigation failed to yield any results and the hackers got away, he was inspired to carry out similar crimes of his own.

As well as contracting the programmer, he also liaised with another accomplice, a Japanese cryptocurrency exchange operator who provided him with the user data (email accounts, affiliated exchanges, and 2FA status) needed to amass a list of potential targets. The Japanese accomplice is still at large and believed to be in Japan at this time – Seoul’s cybercrime division say they are reaching out to Japanese authorities for collaboration.

The incident is South Korea’s first cryptocurrency phishing case and has led to some interesting legislative obstacles – the lead scammer claims that he has already converted and spent the $800,000 worth of XRP on accommodation and other items, meaning it cannot be returned.

Beyond that, the Korean police cannot legally freeze or confiscate his other assets due to the nature of the crime – cryptocurrencies are not deemed legal tender under South Korean law, leading prosecutors to state that it is very unlikely that the victims of the scam will be compensated.

The case is similar in scale to the British “one man cyber-crime wave” phisher who earned hundreds of thousands of pounds through phishing scams and millions through hacking corporate user databases to sell the information on the dark web, much like the Japanese exchange operator, in this case, sold data to the lead scammer in Korea.

Featured image from Shutterstock.