The European Union Agency for Law Enforcement Cooperation (Europol) has recently managed to arrest the person behind the theft of over 10 million euro worth of cryptocurrency IOTA from over 85 people during the previous year. The Europe-wide investigation had the state police from Hesse in Germany and the National Crime Agency, involved in this case as well.
Here’s a video published by Europol of the arrest:
The thefts first began during January 2018, by a hacker under the pseudo-name Norbertvdberg, under the impression of providing assistance to other IOTA users. According to Europool, he set up a website named iotaseed.io, which was advertised as a random seed (password) generator. The site stated to offer help for IOTA users to generate unique passwords that are compliant with the specifications of various IOTA wallet applications, needing to be 81-digit-long and utilizing certain characters.
The hacker went even further by convincing the victims of his legitimacy by creating a GitHub, a web-based hosting service for coders, repository claiming to contain the source code for the iotaseed.io service. Although according to information provided by a UK Student by the name of Alex Studer, the code generated predictable passwords that the hacker secretly logged. The password was always used a fixed seed plus a counter variable that increased by one every time the program was running, making the password very easy for the hacker to figure out.
The website was up and running as of August 2017 until January 2018, and Norbertvdberg was estimated to have begun stealing funds during January 2018. Although, victims did file reports with authorities and the Hessen State Police in German began their investigation during the previous year.
The hacker was identified during July 2018 and was finally arrested during January 23rd, on charges of fraud, theft and money laundering.