Man Steals Crypto Posing As Uber Driver

[pushups44]

From Cointelegraph:

Once inside the car, police say Hussein asked to borrow the passenger’s phone because his device was broken. In the second case, Hussein offered to troubleshoot the Uber app after the passengers questioned why it indicated the driver hadn’t arrived yet.

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

https://cointelegraph.com/news/fake-uber-driver-arrested-stealing-thousands-from-unsuspecting-passengers

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

[FortuneFollower]

Some people don't guard their apps and are vulnerable to things like that with passwords and etc.
Didn't use Coinbase, however, for such things, there absolutely should be a question of securing who does the operation in question - a code to an auth. app, a secret code, a password to enter the phone, etc.
All of these and more.
And, of course - never give a phone to someone you don't know entirely, you can't trust people like that.

[hero_the_bossman]

At least he was banned for so many things to do afterward and got what he deserved (the Hussein in question).
Overall - don't entrust somebody from the backseat with something where you store your funds, even if it's secured by passwords and things like that 

[davis196]

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

I've never heard anything about a "phone-to-phone crypto transfer". The article author should elaborate more on this new technology.
I would never store my crypto in a mobile crypto wallet and I would never give my mobile device to strangers. I also don't use Uber or taxis, so I guess that I'm safe, when it comes to such scams.
How did this "Uber driver" know who has a crypto wallet on his phone and who doesn't? Did he ask all his passengers to give him their mobile devices? He probably did some initial research and preparation before he started doing this scam.
Criminals are getting way more innovative, when it comes to stealing crypto, but every criminal gets caught, sooner or later.

[fikrett]

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

I've never heard anything about a "phone-to-phone crypto transfer". The article author should elaborate more on this new technology.
I would never store my crypto in a mobile crypto wallet and I would never give my mobile device to strangers. I also don't use Uber or taxis, so I guess that I'm safe, when it comes to such scams.
How did this "Uber driver" know who has a crypto wallet on his phone and who doesn't? Did he ask all his passengers to give him their mobile devices? He probably did some initial research and preparation before he started doing this scam.
Criminals are getting way more innovative, when it comes to stealing crypto, but every criminal gets caught, sooner or later.

This bad boy scrolled through the apps of a victim probably and went out on a hunt.
Never saw the phone-to-phone transfer too, but fortunately, he was caught in the end and has lots of trouble due to his actions.
The lesson would be to get vigilant and don't trust strangers with your devices.

[Dave1]

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

Most likely that was the case, he didn't have to bypass the login credentials as he could be holding the phone already and so all he has to do is to open Coinbase and most likely the owner had the password save in his account in the phone itself.

And with that, it's going to be very quick for him to do the transfer. So yes, perhaps one lesson learn is that we shouldn't save the password itself on the phone so just in case it's not compromised, it might take days for someone to steal your crypto. And by that time, you might have reported to Coinbase already, or change everything.

[hugeblack]

These articles rarely describe the technical issues well and some are misleading but why keep your coins in Coinbase and why use the same phone you use for  every day deals. The simplest advice would be to use cold storage or a separate phone for crypto/hardware wallet and Not your keys not your coins

[Finestream]

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

The owner might not have enabled 2FA security on their account, because if they had, even if the perpetrator accessed the phone, he wouldn’t have been able to make a transaction without the 2FA code. Sometimes, we become too complacent since we carry our phones everywhere, and we forget to activate basic security features that are crucial for protecting our assets.

This was a tough lesson for the victim- unfortunately, learned the hard way.

[Apocollapse]

This is why I said we need to have at least two devices, one for personal and important thing, another one is for outside usage, work etc.

Too bad for them, this will give them a big lesson. There have been many cases like this where unknown persons borrow other people's property, but they didn't return back the property to the owner. So, I have stopped to help to unknown people, sometime I also not want to help my friends because chance to lost is high too.

The owner might not have enabled 2FA security on their account, because if they had, even if the perpetrator accessed the phone, he wouldn’t have been able to make a transaction without the 2FA code.

Most people enabled 2FA security, but they installed the 2FA apps in the same phone which kill the purpose of 2FA. 2FA apps should be installed in another device.

[Cryptomultiplier]

From Cointelegraph:

Once inside the car, police say Hussein asked to borrow the passenger’s phone because his device was broken. In the second case, Hussein offered to troubleshoot the Uber app after the passengers questioned why it indicated the driver hadn’t arrived yet.

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

https://cointelegraph.com/news/fake-uber-driver-arrested-stealing-thousands-from-unsuspecting-passengers

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

If this ain't a case of hacking, then I wonder how possible it was for an Uber driver presumably driving, to access a borrowed phone and navigate to the customers crypto wallet or exchange, login, and then complete a transfer without the customer having a prior knowledge.

Some stories are just too plain to be true and if it isn't because of creating a post that some would manufacture stories for, then it would be a case of wrong story telling ability. Otherwise, such a customer lost the cryptocurrency on their way or due to their carelessness with the Uber driver.

[lovesmayfamilis]

No matter how many times people are warned that they should not keep their assets on mobile phones or exchanges, we regularly hear about one or another case of robbery. Some are very self-confident, believing that nothing like this will happen to them, not caring about the basic protection of their gadgets. But the amount that the robber received does not look like a trifle, so the risks were high, even without giving the phone to a stranger, but simply losing it completely by accident. I wonder who the victims would blame in this case, since firstly they should have taken care of their funds and started blaming themselves.

[Alphakilo]

These articles rarely describe the technical issues well and some are misleading but why keep your coins in Coinbase and why use the same phone you use for  every day deals. The simplest advice would be to use cold storage or a separate phone for crypto/hardware wallet and Not your keys not your coins

One would think that with the plethora of information on the internet and offline on how to stay safe and protect your crypto assets that many people who hold crypto would have learned about this but this proves otherwise.

We must continue to educate friends, family and strangers who are interested in cryptocurrency. We must never assume that they know how to protect their assets . We much utilize all the medium to educate them.

[Perfectbaby]

These articles rarely describe the technical issues well and some are misleading but why keep your coins in Coinbase and why use the same phone you use for  every day deals. The simplest advice would be to use cold storage or a separate phone for crypto/hardware wallet and Not your keys not your coins

This is one thing I don't permit as I am currently because I wouldn't know who is whom to trust about handling my phones over to them. And of course it's very bad for such action to take effects immediately without the knowledge of the owner and how did he smartly or outsmart the owner of the phone to transfer out his coins. Again, like I know it's imperatively to have another phone or laptop to have their wallet installed then phone should be for monitoring and not for serious actions or operation.

[headingnorth]

My Coinbase app requires a secondary fingerprint scan to open it.
So even if I handed my phone to a friend for them to make a call, they would not be able to open the app.

Most financial apps involving the storage of any kind of funds will prompt you to enable this security feature when you first install them. I always say yes.
We are all human and even the most security conscious among us can have a momentary lapse of judgment.

That is what the extra security step is for. To protect us from our own stupidity, like letting a complete stranger use your cell phone.
All it takes is a couple of minutes and your life savings could be drained in an instant, not that you should ever store large amounts of crypto on any exchange.

[lovesmayfamilis]

We must continue to educate friends, family and strangers who are interested in cryptocurrency. We must never assume that they know how to protect their assets . We much utilize all the medium to educate them.

Just imagine those people who have a sum with three zeros on the exchanges, but they still do not know how to secure these funds. I always assumed that any normal person, being a beginner, would never risk a large sum of money without learning all the intricacies of storage. But if this is a true story, then it turns out that both the taxi driver and his passengers are familiar with cryptocurrency. Do we need to guess whether these were random people or the driver somehow tracked them?
Today's information is enough to not lose your funds, but if you ask people why they are so sloppy, you will be surprised to hear a lot of ridiculous answers.

[ABCbits]

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

I've never heard anything about a "phone-to-phone crypto transfer". The article author should elaborate more on this new technology.

CoinTelegraph known to being vague. But from quick search, it seems the victim use CoinBase custodial wallet/service which offer instant/off-chain send where you can enter phone number/email address belong to different Coinbase user[1].

My Coinbase app requires a secondary fingerprint scan to open it.
So even if I handed my phone to a friend for them to make a call, they would not be able to open the app.

Usually it's good suggestion. But in this case, it's not exactly helpful since the news mention the criminal threat his victim.

[1] https://help.coinbase.com/en/coinbase/trading-and-funding/sending-or-receiving-cryptocurrency/instant-sends

[m2017]

From Cointelegraph:

Once inside the car, police say Hussein asked to borrow the passenger’s phone because his device was broken. In the second case, Hussein offered to troubleshoot the Uber app after the passengers questioned why it indicated the driver hadn’t arrived yet.

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

https://cointelegraph.com/news/fake-uber-driver-arrested-stealing-thousands-from-unsuspecting-passengers

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

This can be an argument for not giving your phone to strangers. And also, set a password to unlock the phone, as well as for applications responsible for finances. And even better, use the "double bottom" function to hide applications with access to cryptocurrencies.  Users themselves make mistakes with their phones, not adhering to security measures.

[john_egbert]

This can be an argument for not giving your phone to strangers. And also, set a password to unlock the phone, as well as for applications responsible for finances. And even better, use the "double bottom" function to hide applications with access to cryptocurrencies.  Users themselves make mistakes with their phones, not adhering to security measures.

There are also apps to set up a password for different apps on your phone individually. A scan of a finger, a picture with dots, and so on - all can be used to avoid the fate in the article.

[headingnorth]

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

I've never heard anything about a "phone-to-phone crypto transfer". The article author should elaborate more on this new technology.
I would never store my crypto in a mobile crypto wallet and I would never give my mobile device to strangers. I also don't use Uber or taxis, so I guess that I'm safe, when it comes to such scams.
How did this "Uber driver" know who has a crypto wallet on his phone and who doesn't? Did he ask all his passengers to give him their mobile devices? He probably did some initial research and preparation before he started doing this scam.
Criminals are getting way more innovative, when it comes to stealing crypto, but every criminal gets caught, sooner or later.

I think what they meant was he transferred her funds using the app on her phone to a crypto wallet that he had on his own phone.

Coinbase has a security feature where any new destination addresses must be whitelisted which requires you to wait 48 hours before you can send
anything to that address. So if the victim had enabled that feature it would not be possible for him do anything with her funds.
--------------------

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

I've never heard anything about a "phone-to-phone crypto transfer". The article author should elaborate more on this new technology.

CoinTelegraph known to being vague. But from quick search, it seems the victim use CoinBase custodial wallet/service which offer instant/off-chain send where you can enter phone number/email address belong to different Coinbase user[1].

My Coinbase app requires a secondary fingerprint scan to open it.
So even if I handed my phone to a friend for them to make a call, they would not be able to open the app.

Usually it's good suggestion. But in this case, it's not exactly helpful since the news mention the criminal threat his victim.

[1] https://help.coinbase.com/en/coinbase/trading-and-funding/sending-or-receiving-cryptocurrency/instant-sends

Even if he threatened her, it would make it a lot more complicated for him to access her funds had she enabled the secondary security feature.
If something isn't fast and easy to steal most thieves will simply give up.

[fikrett]

I think what they meant was he transferred her funds using the app on her phone to a crypto wallet that he had on his own phone.

Coinbase has a security feature where any new destination addresses must be whitelisted which requires you to wait 48 hours before you can send
anything to that address. So if the victim had enabled that feature it would not be possible for him do anything with her funds.

Sometimes, it astonishes me how people treat their funds, even on custodial wallets and their gadgets.
I hope all the parties got their lessons and there will be one less possibility of such cases in the future to come, because it's abysmal to see the funds being drained in such a manner, basically because of the trust coming from nowhere.