Two individuals have been arrested in connection to previous phishing scams that saw the victims lose Ripple coins worth more than $800,000. The two individuals were arrested in a joint operation conducted by both the FBI and South Korea’s Seoul police cybercrimes division.
The two individuals are believed to be the hired programmer and the employer mastermind. The programmer is a 42-year-old office worker while the mastermind happens to be his employer.
The programmer was hired to replicate a Ripple exchange website in an elaborate phishing scam. The mastermind in his part impersonated the real exchange’s email account and used it to send phishing emails to target victims. The message of the email was to let the victims know that their accounts had been frozen.
With the email, individuals were provided with a link to the fake website where they would try to log in and check the status of their funds. The victims’ details were then harvested as they tried to log in to the site.
With this information, the hackers were able to access the real exchange website before the individuals could realize and steal from the victims. According to a local report by JoonAng Ilbo, as many as 24 Korean and 37 Japanese investors fell for the scam and lost their funds.
The report also states that the mastermind exchanged the funds for local Korean Won currency and has been sending the funds on lavish lifestyle such including making payment on a five-star accommodation in high-end apartments and other luxury items.
The scam which was targeted at Japanese and Korean investors became a matter of concern to the American jurisdiction because the Ripple Company has been registered in the United States.
Further investigations by the police revealed that the mastermind had previously fallen victim to an exchange hack in 2014 and has since then been involved in phishing attempts. Desperate to recover his funds and knowing that the investigation had failed to offer solutions, he opted to carry out similar attacks.
He admitted to working with an accomplice at a Japanese cryptocurrency exchange who was responsible for providing insider information on prospective victims.
The accomplice is liable for divulging the victims’ email addresses, two-factor authentication, and other user account information. The police haven’t been able to arrest the accomplice but believe they could still be in Japan by the time the report was released.
The report also states that due to the fact that the South Korean government does not recognize cryptocurrencies as legal tender and that the mastermind claims to have already spent the funds, the victims could probably never be compensated.
This legal situation also burs the South Korean police from confiscating the suspect’s assets. However, the suspects will be tried under the Korean jurisdiction.