Ukraine - man arrested for stealing bitcoins and altcoins

[hatshepsut93]

Source (in Ukrainian): http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htm

My short summary:

The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

[1714016227]

1714016227

[1714016227]

1714016227

[1714016227]

1714016227

[1714016227]

1714016227

[Bagaji]

SAD news to those customers that are involved and also the suspect in question. Cold wallet still remain my favorite no matter how had they put pressure on me to send my coins to exchanges. Imagine customer funds be used by an insider not even a hacker, let him face the dirty part of the law and let him spend the rest of his life in jail.

[livingfree]

Yeaah another incident that no one should store their coins on exchanges. And for 2FA, google authenticator or authy would be a great of help to at least the security for your funds.

Though it happened to an unnamed crypto exchange, we can take this too as a lesson that dont ever trust your fund with anyone even a trusted exchange can have this kind of employee.

[BitHodler]

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

I'm afraid that there is nothing that will help making people aware of that. Even if the existing crypto coiners stop using exchanges as online wallets, the newbies who enter the market will replace them and make the same mistake.

At the end of the day, the speculative side of crypto makes people less interested in self storage, especially when it comes to shitcoins. People rather use an exchange to store them than having to search for clients and do it themselves.

I do however have to point out that there have been a few clients released in the last couple of months that allow people to conveniently store even the most trashy coins themselves.

[AmoreJaz]

SAD news to those customers that are involved and also the suspect in question. Cold wallet still remain my favorite no matter how had they put pressure on me to send my coins to exchanges. Imagine customer funds be used by an insider not even a hacker, let him face the dirty part of the law and let him spend the rest of his life in jail.

good thing that they caught him before he can rip other accounts
more then likely, he will try those active accounts if he finished those inactive ones.
remember he's into gambling. he wants more money...

the reason why i transferred my btc to my wallet, even if i really trusted my exchange
youll never know whats going to happen

[eaLiTy]

The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

He was so stupid that he thought he will get away from stealing from his own company, i am not sure what he was thinking that he could get away from stealing from inactive users. he just ruined his career and life for his gambling addiction i suppose as he spent the stolen money for gambling. Always secure your coins and always use the second factor authentication at all time and never store your coins anywhere without you having the private key

[xWolfx]

good thing that they caught him before he can rip other accounts
more then likely, he will try those active accounts if he finished those inactive ones.
remember he's into gambling. he wants more money...

the reason why i transferred my btc to my wallet, even if i really trusted my exchange
youll never know whats going to happen

Truth. And i would expand it and say that not only exchanges but any web/browser wallet for the exact same reason.

If you don't hold the keys yourself there is a fair possibility that you will have troubles in the future. Some way or another. In this case, sadly it was an internal enemy, not that easy to see coming. Reason why internal security and limited permissions for employees are key in industries.

[hatshepsut93]

I'm afraid that there is nothing that will help making people aware of that. Even if the existing crypto coiners stop using exchanges as online wallets, the newbies who enter the market will replace them and make the same mistake.

At the end of the day, the speculative side of crypto makes people less interested in self storage, especially when it comes to shitcoins. People rather use an exchange to store them than having to search for clients and do it themselves.

I do however have to point out that there have been a few clients released in the last couple of months that allow people to conveniently store even the most trashy coins themselves.

Sure, some people will not learn, sometimes even after it happens to them, but still its worth bringing attention to this issue, especially with real world examples. I personally had horrible security when I started using Bitcoin, but after reading posts about people losing their coins to hackers, I've took a lot of measures, and I feel pretty secure and none of my accounts or wallets were ever hacked. Who knows what would have happened if I didn't visit this forum and other platforms and didn't read stories and advises, maybe I would have become a victim too.

[pooya87]

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

true, but in this particular case 2FA was not preventing this man from stealing user's cryptocurrencies. he just chose those accounts without 2FA because it was more convincing to lie and say they were hacked compared to saying an account with 2FA was hacked!
the moral of this story is not to trust any exchange with your money. the coins are in their database and no matter what password and 2FA you choose they can still rob you.

[Kakmakr]

A lot of people might say $25 000 is not a lot of money, when you compare it with the millions of dollars that were "hacked" in the past, but the damage incidents like this do for investor confidence is much more than the amount that was stolen. These third party services are supposed to secure the money/bitcoins that are stored on that platform and then we find that it is stolen by it's own employees. <inside jobs>

I will go as far as saying, a lot of other so-called "Hacks" was inside jobs too. 

[VitKoyn]

Source (in Ukrainian): http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htm

My short summary:

The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

I agree that 2FA should be always enabled by users of exchanges this will add another security of your funds but enabling 2FA doesn't mean your cryptocurrencies are already safe, if the exchange you are using got hacked or planned an exit scam your funds can still be stolen, that is why never use exchanges for storing big amount of cryptocurrencies even the exchange is well known, but I'm just curious what exchanges are those he worked for. I don't want to click on the link of your source so I made my own research but can't found any similar to this. Anyway, good thing that this man gets caught already because it is possible that he will continue to do that.

[shoreno]

Source (in Ukrainian): http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htm

My short summary:

The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

I agree that 2FA should be always enabled by users of exchanges this will add another security of your funds but enabling 2FA doesn't mean your cryptocurrencies are already safe, if the exchange you are using got hacked or planned an exit scam your funds can still be stolen, that is why never use exchanges for storing big amount of cryptocurrencies even the exchange is well known, but I'm just curious what exchanges are those he worked for. I don't want to click on the link of your source so I made my own research but can't found any similar to this. Anyway, good thing that this man gets caught already because it is possible that he will continue to do that.

not only in an online exchange but also on other accounts as well because this adds extra security to our account and hackers will be having a hard time to hack us but if a hacker is really dedicated they can still hack 2fa enabled accounts . they even hack an exchange which has a tripple security  . me myself isnt a fan of 2fa's because i dont usually store my cryptos online for a longer time . if ever i have some , those coins are still not expensive . so i guess hackers wont ever got interested on my account  .

[AB de Royse777]

Source (in Ukrainian): http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htm

My short summary:

The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

Poor guy hehe.
This is exactly what happen when you trust someone else with your money. I have simple theory, when I need to trade any coin then I move them from my wallet to the exchange I want then once the trade done I move the coin back to my wallet. There are fees involved but at-least i feel secure that my coins are not going anywhere.

Cheers :-)

[Pursuer]

A lot of people might say $25 000 is not a lot of money, when you compare it with the millions of dollars that were "hacked" in the past, but the damage incidents like this do for investor confidence is much more than the amount that was stolen. These third party services are supposed to secure the money/bitcoins that are stored on that platform and then we find that it is stolen by it's own employees. <inside jobs>

I will go as far as saying, a lot of other so-called "Hacks" was inside jobs too. 

it is not just about "inside jobs" it is also about exchanges that scam you themselves! in other words I am talking about  cases that there were no hacks to begin with. it was the exchange itself scamming its users to make millions over night.
like those that closed and ran away, or like bittrex which overnight closed the accounts of thousands of users and took their money. they made millions overnight!

[Siren]

Source (in Ukrainian): http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htm

                  -snip-

This is alarming considering that still many users and holders of cryptocurrencies are not knowledgeable about the goodness of using 2fa

And this is one best example to learn that we must not leave our cryptos for long always check the folios since things like this might happen to each of us

This must be addressed and may give actions fo us to continue trusting their sites for our cryptocurrency

[Snaic]

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

true, but in this particular case 2FA was not preventing this man from stealing user's cryptocurrencies. he just chose those accounts without 2FA because it was more convincing to lie and say they were hacked compared to saying an account with 2FA was hacked!
the moral of this story is not to trust any exchange with your money. the coins are in their database and no matter what password and 2FA you choose they can still rob you.

Yes, in any case, if we store our cryptocurrency not in our wallet, there will always be the danger of it being stolen by various officials who will have access to them. Unfortunately, the security of our cryptocurrency will always be in doubt.
Such crimes are quite difficult to prove and solve. Law enforcement agencies of Ukraine worked well here, given that the investigation led the usual district police department of the city of Kiev.

[talkbitcoin]

hopefully things like this lead to more development of decentralized exchanges and also push people towards them because i believe that the future belongs to decentralization of everything specially exchanges where we trade decentralized cryptocurrencies.
and for them to become better, people have to use them more. and sometimes these types of incentive can help with that.

[btc_angela]

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

That's right the recent event on QuadrigaCX and these one is compelling reason that not just to store coins for long term, but not put all your funds in a exchange because we don't know that there are bad actors like the one reported here. It's more of an inside job, but the good thing is that the criminal was caught.

[Red-Apple]

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

That's right the recent event on QuadrigaCX and these one is compelling reason that not just to store coins for long term, but not put all your funds in a exchange because we don't know that there are bad actors like the one reported here. It's more of an inside job, but the good thing is that the criminal was caught.

to be fair most people don't "store" their funds on exchanges they have them there because they are trading and they have no other choice to have them on exchanges for example when opening up a (buy or sell) order and waiting for it to be filled. and that is when they get hacked and lose their money or the exchange scams them and they lose money!

[Savemore]

Source (in Ukrainian): http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htm

My short summary:

The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.

This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.

Hackers are one of the major problems why there are people who are afraid to enter in the cryptocurrency market. There are many skillful hackers nowadays so we should be careful in storing our bitcoins. Many more exchanges are continuing to be hacked, we should carefully choose best and reliable exchange that fit to us.