European police have arrested six people as part of an investigation into a theft which saw €24 million (US $27 million) stolen from users of cryptocurrency exchange. In a press release, Europol described how five men and one woman were simultaneously arrested on Tuesday morning at the homes of the suspects in Charlcombe, Lower Weston and Staverton (UK) and Amsterdam and Rotterdam (the Netherlands). A larger number of electronic devices and equipment were seized at the homes of those arrested, and will now be examined by the UK's South West Regional Cyber Crime Unit (SW RCCU). Those apprehended in the UK were arrested on suspicion of committing computer misuse and money laundering offences, while their Dutch counterparts - including a 19-year-old woman in Amsterdam - have been arrested on suspicion of money laundering. Full details of how the alleged hackers are supposed to have stolen funds from cryptocurrency investors have not been shared, but Europol's press release says that the investigation related to typosquatting. Typosquatting sees scammers create webpages that fool you into believing they are legitimate by having almost legitimate URLs. If a user is careless or in a hurry it's all too easy to not notice that you are on a site called example.om rather than example.com, for instance. For many years criminals, scammers and opportunists have taken advantage of mistyped URLs to create convincing-looking sites that attempt to steal login credentials or install malware. In response, some popular websites have purchased domains that might otherwise be used to fool their users (Twitter, for instance, owns twiter.com and redirects traffic there to the legitimate twitter.com site), but it's not really practical to handle all the possible permutations. If the police claims are correct, it sounds as if criminals created a spoof version of a "well-known online cryptocurrency exchange" in order to steal victims' login details, gain access to their Bitcoin wallets, and steal funds. The name of the cryptocurrency exchange whose users were targeted has not been released. The police investigation began in April 2018, after an individual in Wiltshire contacted UK police to report that they had lost £17,000 worth of Bitcoin. Law enforcement agencies estimate that there are more than four thousand victims in at least 12 countries, amounting to a haul of over €24 million. Detective Inspector Louise Boyce from the SW RCCU, which worked closely with the Dutch police (Politie), Europol, Eurojust and the UK's National Crime Agency (NCA), said in a statement these figures are expected to grow as the investigation continues:
“The investigation has grown from a single report of £17k worth of bitcoin stolen from a Wiltshire-based victim to a current estimate of more than four thousand victims in at least 12 countries. We expect that number to grow. As part of today’s operation, we’ve seized a large number of devices, equipment and valuable assets with huge support from our colleagues in Avon and Somerset Police, Wiltshire Police, Tarian and the South East ROCU. Devon and Cornwall and the Metropolitan Police also provided vital help in the form of their two cyber dogs, who played key roles in searching suspects’ homes."
With the recent resurgence of the value of Bitcoin, there's a good chance that we will see more interest from cybercriminals in stealing from cryptocurrency investors. One way in which users can protect themselves from entering their credentials on a typosquatting website, or indeed other bogus phishing sites, is to use a good password manager that will only offer to fill-in their login credentials if the domain completely matches the real site's URL.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.