Arrests made in UK, Netherlands over €24 million Bitcoin heist

Five men and one woman have been arrested on suspicion of running cryptocurrency scams which have netted them €24 million in Bitcoin (BTC). 

The suspects were arrested in their homes in the United Kingdom and the Netherlands as the result of a 14-month joint operation between Europol, Eurojust, the UK's National Crime Agency (NCA) and South West Regional Cyber Crime Unit (SW RCCU), as well as Dutch police.  

Europol said on Tuesday that the six individuals are suspected of being involved in cryptocurrency thefts made possible through spoofing. 

The suspects allegedly used "typosquatting" -- the purchase of domain names similar to legitimate online services but containing a typographical error or slight variation -- to set up mirror image websites of true platforms. 

These spoofed domains were developed to look exactly like genuine cryptocurrency trading posts and platforms, and unless potential victims possessed a sharp eye, they would not have realized they were visiting a fraudulent domain. 

See also: Facebook debuts Libra cryptocurrency: a Bitcoin killer?

The spoofed domains would then be used to lure victims into submitting their account credentials for legitimate cryptocurrency services. Granted the keys to their crypto kingdoms, the cybercriminals then allegedly accessed their Bitcoin wallets and pilfered their funds. 

Law enforcement estimates at least €24 million in cryptocurrency was stolen from a minimum of 4,000 users in 12 countries -- although these figures are expected to rise. 

The case has been referred to the European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). 

As cryptocurrency continues to prove lucrative, especially in a market in which disparate levels of security are in place, cyberattackers will continue to try and cash in. 

TechRepublic: Why data breaches keep happening

In January, Europol arrested a British man believed to be responsible for the theft of over  €10 million in IOTA cryptocurrency. The individual, who remains unnamed, is thought to have created a random password generator for use by IOTA traders which would secretly steal their unique wallet passwords. 

Keeping up with the cryptocurrency market and the crimes which can occur within it is no small task, and to help officers in their investigations, Europol recently revealed a new method of training which utilizes gamification.  

CNET: FTC launches new initiative to combat robocalls

The "cryptocurrency-tracing serious game," in which investigators will practice tracing cryptocurrency trading and laundering in scenarios akin to real-life, is due to launch later this year. 

Europol’s top hacking ring takedowns

Previous and related coverage

• Outlaw hackers return with cryptocurrency mining botnet
  
• 2018's most high-profile cryptocurrency catastrophes and cyberattacks
  
• Exposed Docker hosts can be exploited for cryptojacking attacks
  

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0