Michaela Alvez
U.S. federal prosecutors have charged five individuals accused of stealing $11 million in cryptocurrency and sensitive data from people and businesses across multiple countries.
On November 20, 2024, the California U.S. Attorney’s Office revealed charges against the group, alleging that they using phishing scams and SIM-swapping techniques to illegally access their victims’ accounts.
Dubbed “Scattered Spider,” the hacking group victimized at least 29 individuals, with one even losing more than $6.3 million in cryptocurrency. Prosecutors also said that the group targeted 45 companies across the United States, Canada, India, and the United Kingdom.
The defendants Ahmed Hossam Eldin Elbadawy (23) from Texas, Noah Urban (20) from Florida, Evans Osiebo (20) from Dallas, Joel Evans (25) from North Carolina, and Tyler Buchanan (22) from Scotland were charged by a federal grand jury indictment with one count of conspiracy, one count of conspiracy to commit wire fraud, and one count of aggravated identify theft.
If found guilty, each of them could face up to 20 years in federal prison for conspiracy to commit wire fraud, along with a maximum of five years for the conspiracy charge, and a mandatory two-year sentence for aggravated identity theft, to be served consecutively.
Scattered Spider Heist: How Did They Do It?
Court documents stated that the defendants conducted phishing attacks from September 2021 to April 2023. The Scattered Spider hackers conducted the sophisticated phishing scheme by sending mass short message service (SMS) text messages to the mobile phones of numerous victim companies’ employees.
The text messages typically warned employees that their accounts would be deactivated, directing them to fake websites that appeared to be legitimate pages of the victim companies or their trusted suppliers. These fraudulent sites were designed to trick recipients into revealing sensitive information, including their account login details.
Multiple employees visited the fake website, entered their login credentials, and in some cases, completed the identity verification process by responding to a two-factor authentication request sent to their mobile devices.
Using the stolen information obtained from victim companies, the Scattered Spider group gained unauthorized access to numerous individuals’ cryptocurrency accounts and wallets, then stole millions of dollars worth of virtual currency.
Growing Threat of Phishing Scams
The growing notoriety of phishing scams in the crypto world is a significant concern. As more individuals and institutions invest in cryptocurrencies, the pool of potential victims expands.
The anonymity and irreversibility of cryptocurrency transactions appeal to scammers, often preying on victims’ unfamiliarity with security best practices. However, even seasoned crypto investors have fallen victim to fraudsters.
Earlier this month, an anonymous investor using the handle “Still in the Game” shared details on social media about a phishing attack that led to a loss of $6.09 million. Crypto investigation firm Scam Sniffer reported that the victim clicked a fraudulent Zoom invite link, which led them to a counterfeit website crafted to harvest sensitive wallet details.
Federal agencies, including the Federal Bureau of Investigation (FBI), the U.S. Department of Justice (DOJ), and the U.S. Securities and Exchange Commission (SEC), have intensified efforts to combat crypto-related fraud, particularly phishing scams. These initiatives aim to identify and prosecute individuals engaging in fraudulent activities within the cryptocurrency sector.
In parallel, regulatory bodies such as the SEC and the Commodity Futures Trading Commission (CFTC) are dedicating significant resources to the oversight of crypto markets. Their focus is on developing stringent regulatory frameworks that enhance investor protections and curb the proliferation of scams.
Read More
- Transak Phishing Attack Affected 92,554 Users
- Ledger Wallet Users Targeted in Phishing Scheme to Activate Fake ‘Clear Signing’ Feature
- Phishing Scam Strikes Again: $1.28M in Crypto Gone
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
