Chirag Tomar, a 31-year-old from India, received a five-year federal prison sentence for orchestrating a cryptocurrency fraud scheme that defrauded hundreds of victims of over $20 million. U.S. District Judge Kenneth D. Bell imposed the sentence, which also includes two years of supervised release.
According to court documents, Tomar and his associates conducted the fraud by creating a fake website resembling the legitimate cryptocurrency exchange Coinbase. Beginning in June 2021, they set up a fraudulent version of the exchange’s professional trading site, using a fake URL, CoinbasePro.com. Victims trying to access their Coinbase accounts were tricked into providing their login credentials.
The fraudsters impersonated Coinbase customer service representatives to extract two-factor authentication codes from victims. In some cases, they instructed individuals to install remote desktop software, granting them full control over their computers. Tomar exploited the stolen credentials to access multiple victim accounts and transfer funds into wallets he controlled. He then converted the cryptocurrency into other digital assets and moved them across several wallets to obscure the transactions, eventually converting the funds into cash.
Tomar used the stolen money to fund a lavish lifestyle, purchasing luxury items such as Audemars Piguet watches, high-end vehicles like Lamborghinis and Porsches, and traveling to destinations such as Dubai and Thailand.
The scheme affected people worldwide, including in North Carolina’s Western District. In February 2022, a local resident attempting to access his Coinbase account through the spoofed site fell victim to the scheme. The fake website claimed the account was locked and prompted the individual to call a provided number, where a fake representative tricked them into giving up their 2FA details. This allowed the criminals to steal over $240,000 worth of cryptocurrency from the victim’s wallet.
Such incidents are not isolated. In 2021, Soufiance Oulahya was charged with stealing $450,000 in cryptocurrencies and NFTs by spoofing the OpenSea marketplace. Additionally, Convex Finance had to create two alternative URLs after its DNS was hijacked in a spoofing attack, leading to users unknowingly approving malicious contracts. Although five wallets were affected, verified contracts remained secure.
The threat extends beyond cryptocurrency. In 2020, JP Morgan was fined nearly $1 billion for spoofing practices in metals futures and Treasury securities after being implicated in the FinCEN files for allegedly laundering up to $2 trillion in illicit funds.
#Cryptocurrency #Fraud #Cybercrime #Security
