Thief Responsible for Fake IOTA Seed Generator Arrested in the UK

by Rachel McIntosh
  • One year after Iotaseed.io maliciously stole $10 million in IOTA, its founder was apprehended.

The thief responsible for the creation of a fake IOTA wallet seed generator Iotaseed.io has been captured by law enforcement authorities in the UK, according to an official announcement by Europol, the European Union's law enforcement agency.

Finance Magnates interviewed IOTA Founder David Sønstebø days after the theft occurred. At the time, it was believed that the equivalent of $4 million had been stolen; later, it was determined that a figure closer to $10 million was missing.

The 36-year-old Oxford-based man was taken into custody on January 23rd by the UK’s South East Regional Organised Crime Unit (SEROCU) in cooperation with the UK’s National Crime Agency (NCA), Europol, and Germany’s Hessen State Police. Authorities also seized a number of computers and other electronic devices.

[embed]https://youtu.be/OoxujsptsNg[/embed]

The Arrest is the Result of Collaboration Between Authorities in the UK, Germany, and the EU at Large

The investigation of the crime began shortly after the thefts occurred in early 2018. Hessen State Police received several reports of money being stolen from victims’ cryptocurrency wallets. The investigation quickly led authorities to Iotaseed.io. The website took advantage of users by generating an 81-character “seed,” a sort of password that could then be used to protect a user’s IOTA wallet.

Iotaseed.io would generate these 81-character strings for users and then keep records of the seeds themselves. Then, when a user had used the seed to create a wallet, Iotaseed.io would use the seed to access the user’s wallet without permission and steal the coins inside, quietly transferring them to another wallet address.

Bad Boy, Bad Boy, Whatcha Gonna Do?

“So, this malicious actor essentially had people go there, and he/she created a website that looked very legitimate to new users. Therefore, they trusted it, and generated a seed there,” Sønstebø explained to Finance Magnates at the time. “That essentially means that they gave away their Private Key to a thief. It’s equivalent to giving your keys to someone as you go into a store, and then coming back out to find that your car is gone.”

German law enforcement authorities first suspected in July that the culprit might be located within the UK. Eventually, the case was handed over to the Joint Cybercrime Action Taskforce (J-CAT) hosted at Europol’s European Cybercrime Centre (EC3). An operational meeting was also organized between EC3 and investigators in the UK and Germany. The collaboration between these countries and organizations is ultimately what led to the arrest.

The Case Could Set New Precedents for Cybercrime

The apprehension of the suspect is significant because cybercrimes largely go unpunished. However, laws for cybercrimes are often unclear, as digital theft is still such a relatively new phenomenon. “We are doing everything we can in order to gather information to track down whoever this scumbag is, but of course, that is not easy, and we’ve seen before that it is borderline impossible,” Sønstebø said at the time that the crime occurred.

If the suspect is indeed the culprit behind the crime, it’s unclear how, when, or if users will have their stolen funds returned to them.
