Indian citizen Chirag Tomar was sentenced to five years in federal prison for orchestrating a cryptocurrency fraud scheme that defrauded hundreds of victims out of more than $20 million.
Coinbase Spoofing Fraud Scheme
According to court documents, Tomar and his co-conspirators executed the fraud by spoofing a website designed to imitate the legitimate cryptocurrency exchange Coinbase. From June 2021, the group set up a fraudulent version of the exchange’s professional trading site, Pro.Coinbase.com, using a fake URL, CoinbasePro.com. Victims who attempted to log into their Coinbase accounts were tricked into providing their login credentials. One of the tactics involved impersonating Coinbase customer service representatives and convincing victims to hand over two-factor authentication (2FA) codes. In other instances, fraudsters instructed individuals to install remote desktop software that would give them full control of their computers. Tomar used the ill-gotten credentials to access multiple victim accounts and transfer funds to wallets under his control. He then converted the cryptocurrency into other digital assets, moving them between several wallets to hide the transactions and eventually converted the funds into cash, distributing it amongst the criminal group.
$240,000 Theft and Arrest
The scheme impacted targets from around the globe, including North Carolina. In February 2022, a resident of North Carolina attempted to access his Coinbase account through the spoofed site. The fake website instantly alerted them that their account was locked and directed them to call a number to reach a fake Coinbase representative. This 'representative' then deceived them into giving up their 2FA details, allowing fraudsters access to their legitimate Coinbase account, leading to the theft of over $240,000 worth of cryptocurrency from the associated wallet.
Other Fraud Cases
This is not the first time such incidents have occurred. In 2021, authorities charged Soufiance Oulahya with stealing $450,000 in cryptocurrencies and NFTs by spoofing the OpenSea marketplace. Additionally, Convex Finance had to introduce two alternative new URLs after its DNS was hijacked in a spoofing attack, which caused users to unknowingly approve malicious contracts. This problem isn't limited to crypto alone. In 2020, JP Morgan was fined nearly $1 billion for its spoofing practices in metals futures and Treasury securities.
Cryptocurrency fraud continues to be a significant issue affecting users worldwide. The case of Chirag Tomar is just one example, highlighting the importance of vigilance and awareness among users to protect their digital assets.