ZachXBT helps secure arrests in $243 million social engineering attack on one person
Three individuals executed a $243 million crypto theft from a single Genesis creditor in August, employing advanced social engineering tactics, according to blockchain investigator ZachXBT. The perpetrators, identified as Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano), orchestrated a multi-step attack that compromised the victims personal and exchange accounts.
On Aug. 19, the attackers initiated contact by impersonating Google Support through a spoofed phone number, successfully gaining access to the victims personal accounts. Following this, they posed as Gemini support representatives, convincing the victim that their exchange account was compromised. They manipulated the individual into resetting two-factor authentication and transferring funds to a wallet under their control.
The attackers further exploited the situation by persuading the victim to use AnyDesk, a remote desktop application. This allowed them to access the victims screen and extract private keys from Bitcoin Core, leading to the theft of a substantial amount of Bitcoin. Transaction hashes provided by ZachXBT include a transfer of 4064 BTC on Aug. 19 at 4:05 A.M. UTC, recorded under hash 4b277bfbe9090.
A private video obtained by ZachXBT shows the threat actors reacting in real time upon receiving $238 million. Initial blockchain tracing revealed that the $243 million was quickly divided among the parties involved. The funds were dispersed across over 15 exchanges, rapidly converted between Bitcoin, Litecoin, Ethereum, and Monero to obfuscate the trail.
One of the individuals, Wiz (Veer Chetal), reportedly received a significant portion of the stolen assets. According to ZachXBT, Chetal inadvertently revealed his full name during a screen-sharing session amid the theft. Further evidence was gathered as accomplices referred to him as Veer in both audio recordings and chat messages. Approximately $34.5 million of his funds are currently located in the Ethereum wallet 0x3c7a5f2795e73d2b94a9120a643f608cfc45c935.
The sophisticated nature of the attack highlights the evolving tactics used by cybercriminals in the crypto space. Social engineering remains a potent tool, exploiting human vulnerabilities rather than technical flaws. The incident highlights the necessity for enhanced security measures and user vigilance, even among experienced participants in the crypto industry.
ZachXBTs investigation has contributed to multiple arrests and the freezing of millions in assets. The collaborative efforts between blockchain analysts and law enforcement demonstrate the increasing effectiveness of tracing illicit activities on the blockchain. As reported by ZachXBT, the incident serves as a stark reminder of the risks associated with digital assets and the importance of robust security protocols.
The victim was not named, but notably, Mark Cubans Google account was compromised using a similar technique in June. He posted,
Hey @google @sundarpichai. I just got hacked at my mcuban@gmail.com because someone named noah at your 650-203-0000 called and said I had an intruder and spoofed recovery methods[] If anyone gets anything from mcuban@gmail.com after 3:30pm pst its not me.
Cuban is a known crypto advocate and ultra-high-net-worth individual. Cubans Google account was recovered within 24 hours. However, no information has been released to indicate Cuban was the victim of the crime.
The post ZachXBT helps secure arrests in $243 million social engineering attack on one person appeared first on CryptoSlate.
Text source: CryptoSlate
