Posted on November 21, 2021 at 6:48 AM

Canadian teen arrested in connection to a $36M crypto heist

Cybercrime has been on the rise, and the crypto space is constantly finding itself in the middle of these hacking attacks. The recent cyberattack on this sector has been surprising as it was conducted by a Canadian teen, who has since been arrested for stealing $36.5 million worth of cryptocurrencies.

Reports state that the hacker stole the $36.5 million worth of crypto from one single victim in the United States, which makes for the largest crypto theft conducted by one person.

Hacker utilized a SIM-swap attack

The teen responsible for this hack utilized a SIM-swap technique where an attacker transfers the phone number of a targeted individual into their own devices. This allows the hackers to gain access to an SMS-based two-factor authentication code.

While multi-factor authentication processes aim to boost the security of accounts, they are not 100% secure. SIM swaps are among the ways that hackers are using to compromise SMS-based multi-factor authentication processes. SIM-swap attacks are so common that they have even affected the operations of Twitter at one point.

In the recent case, authorities state that the teen used the SIM-swap technique to target a cryptocurrency investor. The hack is yet another reason that owning many cryptocurrencies can make one a target for cybercriminals.

While the arrest has only happened now, the theft happened around one year ago. In 2020, the FBI, in collaboration with the US Secret Service and the Hamilton Police Service, investigated the theft.

A police statement stated that the attacker used the codes received through an SMS based authentication process to access the coins owned by the target. According to the Hamilton Police Service, the amount of money stolen through this attack was “very surprising.” “That’s a large amount of money, and it’s a large amount of money in anybody’s opinion,” said Kenneth Kirkpatrick, a detective with the Hamilton Police.

The authorities were able to catch up with this hacker after using a large amount of the stolen money to buy an expensive online gaming username. Following the arrest, the authorities recovered over $5.5 million worth of cryptocurrencies from the teen.

The statement from the police states that “the joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community. This transaction led investigators to uncover the account holder of the rare username.”

Cryptocurrencies shave continued to become highly related to cybercrimes. Hackers prefer to either get ransom or steal cryptocurrencies because it is not easy for an exchange to reverse the transactions, which is normally the case with the traditional banking sector.

The continued use of cryptocurrencies in illicit activities is why many regulators call for compliance to ensure that these assets can easily be traced despite their decentralized nature and having an anonymous system that prevents authorities from tracking those that have received these assets.

Cryptocurrencies shave become a target for cybercriminals

The growing use of cryptocurrencies has made these assets targets for cybercriminals taking advantage of the anonymity and privacy offered by these transactions. Previously, the use of cryptocurrencies in cybercrimes was mainly used to pay ransomware, but this is slowly starting to change.

Earlier this year, one of the largest hacking attacks in the US on Colonial Pipeline led to the hackers requesting a ransom to be paid in crypto. This is not the first time this has happened, as most ransomware attacks demand this as the payment method to put authorities off their trail.

However, individuals and even crypto platforms are becoming targets of these attacks. Mid this year, the largest cryptocurrency hacking attack on Poly Network led to an over $600 million loss. While exchange platforms joined hands to prevent the attackers from escaping with the funds, the attack shed a negative light on the security offered by exchange platforms, especially those that operate in the decentralized finance (DeFi) sector.

Moreover, hacking attacks on individual investors in the crypto sector have also been reported where attackers steal the identities of these investors or target them through phishing attacks to get details of their exchange accounts or transfer tokens from the targeted individuals.

The connection between cryptocurrencies and illicit activities such as cybercrimes is among the reasons why many countries are calling for regulations in this sector. For example, crypto exchanges have introduced know-your-customer requirements that cross-references the identities of those handling transactions. However, hackers have found a way around this by using privacy coins in their transactions.