Europol arrests UK man for stealing €10 million worth of IOTA cryptocurrency

Suspect operated the iotaseed.io portal that generated and secretly logged passwords for IOTA wallets.
Written by Catalin Cimpanu, Contributor

Europol, German, and British authorities have announced today the arrest of a British national who they believe is behind the theft of more than €10 million ($11.4 million) worth of IOTA cryptocurrency.

The man, whose name has not been released yet, is believed to be the main culprit behind a wave of IOTA thefts that occured in January 2018.

According to reports from last year, the hacker, who used the nickname of "Norbertvdberg' while providing support online to other IOTA enthusiasts, set up the website iotaseed.io, which he advertised as a random seed (password) generator.

The site offered to help IOTA users to generate unique passwords that are compliant with the specifications of various IOTA wallet apps --seeds need to be 81-digit-long and use certain characters.

To convince users that his website was legitimate, the hacker linked to a public GitHub repository that claimed to contain the source code of the iotaseed.io service.

Unbeknownst to all the site's users, this was a false claim, and according to an analysis from Alex Studer, a UK student, the code generated predictable passwords that the hacker was secretly logging.

"This code patches the Math.seedrandom function, which is used by the [seed] generation code, to always use a fixed seed '4782588875512803642' plus a counter variable that increases by one every time seedrandom is run," Studer wrote in his report last year. "This has the effect of causing Math.random() to always return the same, predictable series of numbers, causing the generated IOTA wallet seeds to always be the same."

Norbertvdberg ran his website for nearly six months, between August 2017 and January 2018, secretly collecting user wallet seeds.

He finally sprung his attack on January 19, 2018, when he quietly started logging into users' wallets and stealing their funds.

His initial thefts also went undetected because of a DDoS attack that was taking place at the same time, and which targeted IOTA servers, keeping IOTA admins busy instead of watching the blockchain for surges in IOTA transfers.

According to Europol, some victims didn't take the theft of their funds sitting down. Several users filed complaints with authorities, and the Hessen State Police in Germany started an official investigation last year.

Despite Norbertvdberg's efforts to delete all his online profiles on GitHub, Reddit, and Quora, German authorities identified him in July, last year, as a 36-year-old living in Oxford, UK.

Officers from the UK's South East Regional Organised Crime Unit (SEROCU) arrested the suspect today on charges of fraud, theft, and money laundering. He is now facing extradition to Germany where he's supposed to face trial.

2018's worst cryptocurrency scams, cyberattacks (in pictures)

More security coverage:

Editorial standards