US Man Sues Parents of UK Teens Who Stole Almost $1m of Bitcoin!

When Colorado, US resident Andrew Schober downloaded the Electrum Atom Bitcoin wallet from Reddit, he also picked up a piece of clipboard hijacking malware that eventually re-directed his 16.4552 Bitcoin to a wallet controlled by 2 UK teenagers.

Now adults, the then-teens apparently used clipboard hijacking malware to steal Bitcoin.

At today’s price, 16.4552 Bitcoin would be worth ~$773k.

$10k on Experts

After spending years and around $10k on experts to track down the threat players, according to a new lawsuit filing (PDF) uploaded by Krebs On Security, Schober identified the culprits as Benedict Thompson & Oliver Read, now adults who are studying computer science.

But because they were juveniles at the time of the alleged theft, Schober is suing their parents for the nearly $1m he lost in the theft.

Eat or Sleep for Days

“The deployment of the Malware on Mr. Schober’s computer & the subsequent theft of Mr. Schober’s crypto-currency was devastating for Mr. Schober,” the suit stated. “He did not eat, or sleep for days afterward & has been in a severe state of distress for the past 3 years.”

The filing explained that the value of the crypto currency wallet accounted for around 95% of Schober’s net wealth.

“Mr. Schober brings this action to hold Defendants accountable for their violations of US Federal & State Law, & to seek recovery for the grave financial & personal harm he suffered,” the suit added.

Out of Court

Schober tried to settle things out of court, his attorneys stated, presenting a letter he sent to the attorney for the Thompsons & Oliver & Paul Read.

“It seems your son has been using malware to steal money from people online,” the letter from Schober explained, adding that he had evidence of the duo’s guilt, including GitHub records & repositories for Electrum Atom malware; something called Electrum Gold; & forensic analysis of the malware & Bitcoin wallet, which, the letter added, “shows multiple thefts.”

Electrum Bitcoin Wallet

The Electrum Atom wallet is a part of the well-known Electrum Bitcoin wallet.

The defendants argue that the US Statute of Limitations has expired & that the lawsuit should be dismissed, according to their response to the lawsuit (PDF via Krebs). No one denies that the 2 teens stole the Bitcoin.

“Mr. Schober learned of his injury & its cause less than 3 years before he filed his Complaint, a fact that discovery will prove & more importantly & which the Complaint does not contradict,” the response outlined. “As such, dismissal at the pleading stage would be inappropriate, & the defendants’ motions to dismiss should be denied.”

Electrum Atom Malware

Schober downloaded a malicious version of the Electrum crypto-currency wallet that, according to the lawsuit, was posted on Reddit by 1 of the teen threat players, who promised that their wallet would allow access to the “Bitcoin Atom” crypto-currency. Instead, when Schober copied & pasted a crypto-currency wallet address, the malware replaced it with an alternate address that the legal filing claimed was controlled by Thompson & Read.

“The Malware is particularly intrusive because, once the Malware is installed on the hard drive of the victim’s computer, the Malware cannot be deleted from the victim’s computer by uninstalling the program in which it was hidden,” the filing explained.

Java Library

“This is because the Malware embeds itself in the Java library on a victim’s computer, regardless of the location where the downloaded file is initially saved & conceals its existence using an encryption technique that obfuscates the Malware’s XOR strings.”

In this instance, the malware’s function was used on the copy-paste data for a crypto wallet, but in the future it could be turned against anything else put on the computer’s clipboard, like passwords, the suit went on to say.

Crypto-Currency Security & Privacy

Just this week, crypto-interoperability platform Proxy Logon was able to retrieve more than $610m stolen after its systems were breached. The crypto was returned after the company tracked down the attacker, pleaded for the money back & even offered them a job as the company’s Chief Security Officer.

As volatile crypto markets continue to produce value, threat players will continue their schemes to steal from users’ wallets. They will also be forced to work around blockchain ledgers, which leave a clear-cut link to stolen funds.

Follow the Transaction

“Crypto assets, like bitcoin, post transactions to a public blockchain. Anybody can follow the transaction as it hops from digital wallet to digital wallet by using free & commercial blockchain explorer tools for the specific blockchain,” Coalfire’s Karl Steinkamp outlined.

“Tracking of crypto assets varies by crypto asset & its native features, which may include privacy enhancing features, which some altcoins (Zcash, Monero, etc.) have implemented.”

Blockchain’s Protections

Those privacy features are drawing attackers to crypto currencies like Monero precisely because they are hard to track, states Netenrich’s John Bambenek.

Besides favouring more private platforms, Steinkamp predicts that attackers will also start to mix & develop tools around blockchain’s protections.

“This will necessarily require industry white hats to dramatically improve their cyber-security tools & processes to account for a more nimble bad actor,” Steinkamp concluded.
