In an incident that thrilled the digital finance world, three hackers; Greavys (Malone), Wiz (Veer Chetal), and Box (Jeandiel), successfully defrauded a victim of $243 million using social engineering and technical skills.
How the Attack Unfolded
The attack that occurred on August 19, 2024, was deeply investigated by onchain investigator ZachXBT, highlighting the increasing threat to the crypto industry. The hackers exploited the target firm's vulnerabilities to their advantage. Initially, they called the victim, posing as Google Support and gained trust through a fake phone number. They then portrayed themselves as Gemini Support, convincing the victim that their account was compromised. In a sophisticated social engineering attack, the hackers manipulated the victim into changing their 2FA and transferring money to a fake wallet before using AnyDesk to obtain private keys.
The Movement and Laundering of the Money
Once the hackers controlled the funds, they separated the money and transferred it through various transactions across more than 15 exchanges, using Bitcoin, Litecoin, Ethereum, and Monero to obscure its origin. During one of ZachXBT's screenshare sessions, Wiz, using the screen name Veer Chetal, mistakenly displayed his real name, boosting the investigators' spirits.
Ongoing Investigations and Arrests
Through joint efforts by blockchain researchers including CFInvestigators, ZeroShadow_io, and Binance Security, over $9 million of the stolen money has been prevented from further use, with $500,000 already returned to the victim. The investigation resulted in the arrest of both Greavys and Box in Miami Beach and Los Angeles. Authorities state that more assets are likely to be recovered and more people could be apprehended as the investigation continues.
This case underscores the importance of vigilance and strengthening security measures in digital finance. Hackers continue to exploit social engineering and technical vulnerabilities, making cybersecurity a priority for all market participants.
Comments