While posing as a Gemini support representative, they told the victim that the account had been compromised and talked them into resetting two-factor authentication (2FA) and sharing their screen through AnyDesk, a remote desktop application. That screen access exposed the private keys stored in the victim's Bitcoin Core wallet and allowed the attackers to drain the target's cryptocurrency funds.

Twelve more suspects were charged in a RICO conspiracy for their alleged involvement in the theft of over $230 million in cryptocurrency and in laundering the proceeds. They reportedly moved the stolen cryptocurrency through mixers and exchanges, pass-through wallets and "peel chains" (a laundering pattern in which a large balance is shaved off in small amounts over a long series of transactions), and used virtual private networks (VPNs) to hide their identities and locations.

According to court documents, Lam, Serrano, and others involved in the scheme allegedly gained unauthorized access to victims' cryptocurrency accounts and transferred the funds into crypto wallets they controlled. Although most of the stolen assets were converted to Monero for added anonymity, the attackers reportedly made some critical operational errors that let investigators link the laundered funds back to the original thefts.

The stolen cryptocurrency was subsequently used to finance lavish lifestyles, with the defendants allegedly spending the funds on luxury cars, high-end watches, designer handbags, nightclub outings, and international travel.

Crypto fraud investigator ZachXBT, who assisted the FBI investigators, revealed that the group targeted a creditor of the crypto lender Genesis, using spoofed phone numbers and impersonating customer support at Google and Gemini.

"An initial tracing showed $243M split multiple ways between each party before funds quickly peeled off to 15+ exchanges immediately swapping back and forth between Bitcoin, Litecoin, Ethereum, and Monero," ZachXBT said.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 16 May 2025 09:09:54 +0000