Since January 2018, 85 victims worldwide have been deprived of their IOTA assets. A malicious seed generator on iotaseed.io served the thief as a gateway to the wallets of the stolen. A joint operation between Europol and the British and German police led to the arrest of a suspect.
On 23 January, Europol reported in a press release that cooperation between British and German police authorities had led to the arrest of a suspect allegedly stealing IOTA worth 10 million euros. The operation involved the British Regional Organised Crime Unit in the South East of the United Kingdom (SEROCU), the Hessian State Police, the British National Crime Agency (NCA) and Europol.
The Seed as an Entrance Gate to Foreign Wallets
At the beginning of last year, the Hessian police had received several reports in which IOTA owners complained about the theft of their crypto assets. In the course of the investigation, the police found that the stolen property had a total value of ten million euros. A total of 85 victims have been stolen worldwide since January 2018.
Further investigations were able to quickly identify the scam artist’s scam. Background: To protect IOTA Wallets, a seed is created using a so-called seed generator. Of course, a seed is only safe if it remains secret. No one but the owner of the wallet is allowed to know it. On the website Iotaseed.io, however, a malicious seed generator was running, which did not protect the wallets, but rather caused the fraudster to invade them. In this way, the thief was able to empty the IOTA wallets of his victims. In return, he transferred the stolen goods to other wallets, which he had created with forged IDs.
In July 2018, the German authorities were able to identify a possible suspect in the United Kingdom. The case was then submitted to the Joint Task Force on Cybercrime (J-CAT). This special unit at Europol’s European Centre for Cybercrime (EC3) then coordinated international cooperation between the British and German police. The cooperation subsequently led to a search of an address in Oxford. SEROCU did not only confiscate a number of computers and electronic devices. It also arrested a 36-year-old person on suspicion of fraud, theft and money laundering. So far, however, there is still talk of a suspect, so that it can be assumed that the authorities have not yet been able to prove the guilt unequivocally.