How can I steal thee? Let me count the ways.
The recent theft of more than one billion Crowd Machine (CMCT) tokens is a real-time case study of whether or not law enforcement in multiple jurisdictions can coordinate with exchanges and other crypto firms to prosecute and convict sophisticated criminals who steal difficult-to-track cryptocurrencies.
On Sept. 22, CMCT's price dropped 84% to $0.0021 when investors learned that a large number of tokens had been stolen and sent to various exchanges including IDEX and Bittrex. Crowd Machine stated on Medium that access to its crypto wallet had been compromised.
Traditional methods of identifying criminals seem to apply when it comes to digital assets, specifically know-your-customer (KYC) requirements, video surveillance and smartphones that leave a digital footprint of criminal activity. The San Jose, Calif.-based company hasn't released much details because of ongoing criminal investigation but CEO Craig Sproule did announce on Medium that IDEX and Bittrex have suspended trading of CMCT. It has a market capitalization of $1.5 million USD although that figure has dropped in the days after the hack.
Last week, Oklahoma City Police arrested Fletcher Robert Childers, 23, and Joseph Harris, 21, both of Missouri. According to local station News 4, the two stole $14 million from Crowd Machine though it's unclear in what fiat or crypto denominations.
KYC is believed to be partly responsible as to why an arrest was made just hours after the heist was reported. Sproule told Oklahoma's News 4 that "the victim, who had $14 million stolen by the occupant of the hotel room has also been receiving taunting e-mails from the suspect. The suspect is also actively laundering the cryptocurrency through several different exchanges, some of which are not located in the United States."
It's believed "the hack was accomplished through a SIM swap, which allows hackers to steal a personâs mobile phone number and identity," per News 4 report. Court filings show that Santa Clara County District Attorneyâs Office, California's Regional Enforcement Allied Computer Team (REACT) and U.S. Secret Service field office in Oklahoma City coordinated on the investigation. Investigators used a Walmart surveillance video and tracked the phone used in the Crowd Machine hack to locate the two suspects at a SpringHill Suites hotel.
Whether or not all of the CMCT tokens can be recovered remains to be seen. If the suspect(s) traded these for Monero (XMR) or other privacy coins before their accounts were suspended, that portion of the funds could be gone forever. A Sept. 2018 report by Cyber Threat Alliance (CTA) found that fraudsters overwhelmingly prefer to use mining malware with Monero (85%) followed by Bitcoin (BTC) at 8% and all other digital coins combining for 7%. While Bitcoin is pseudonymous, Monero is anonymous and untraceable.
Articles by Marvin Dumont:
Bitcoin And Monero Used To Launder $89M: Investigation
Ethereum To âRally Stronglyâ To $1,900 In 2019: Fundstrat
Did Satoshi Nakamoto Cash Out 30,000 Bitcoins?
Chinaâs Baidu Developing Next-Gen âXuperChainâ Network
Google-Funded Veem Uses Bitcoin To Improve Intâl Payments