Man Steals Crypto Posing As Uber Driver

[headingnorth]

I think what they meant was he transferred her funds using the app on her phone to a crypto wallet that he had on his own phone.

Coinbase has a security feature where any new destination addresses must be whitelisted which requires you to wait 48 hours before you can send
anything to that address. So if the victim had enabled that feature it would not be possible for him do anything with her funds.

Sometimes, it astonishes me how people treat their funds, even on custodial wallets and their gadgets.
I hope all the parties got their lessons and there will be one less possibility of such cases in the future to come, because it's abysmal to see the funds being drained in such a manner, basically because of the trust coming from nowhere.

It's scary to think how much of our life and even all of our assets can be accessed from our phones, tablets, laptops, etc.
That is why people should be hyper-vigilant, almost to the point of paranoia when it comes to their phone and device security.

So at minimum, enable every advanced security feature possible on your device.
It is well worth it to sacrifice a little convenience to gain a great amount of security.

You never know when your device will be lost, stolen or destroyed. It can happen in an instant.

[fikrett]

I think what they meant was he transferred her funds using the app on her phone to a crypto wallet that he had on his own phone.

Coinbase has a security feature where any new destination addresses must be whitelisted which requires you to wait 48 hours before you can send
anything to that address. So if the victim had enabled that feature it would not be possible for him do anything with her funds.

Sometimes, it astonishes me how people treat their funds, even on custodial wallets and their gadgets.
I hope all the parties got their lessons and there will be one less possibility of such cases in the future to come, because it's abysmal to see the funds being drained in such a manner, basically because of the trust coming from nowhere.

It's scary to think how much of our life and even all of our assets can be accessed from our phones, tablets, laptops, etc.
That is why people should be hyper-vigilant, almost to the point of paranoia when it comes to their phone and device security.

So at minimum, enable every advanced security feature possible on your device.
It is well worth it to sacrifice a little convenience to gain a great amount of security.

You never know when your device will be lost, stolen or destroyed. It can happen in an instant.

Agreed.
In such a case, it's important to remember what - can - happen - if your info will be leaked in such a way.
So all the methods that we discussed there should be used to not become the person from the story.

[shield132]

From Cointelegraph:

Once inside the car, police say Hussein asked to borrow the passenger’s phone because his device was broken. In the second case, Hussein offered to troubleshoot the Uber app after the passengers questioned why it indicated the driver hadn’t arrived yet.

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

https://cointelegraph.com/news/fake-uber-driver-arrested-stealing-thousands-from-unsuspecting-passengers

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

Why do these criminals think that they'll rob people and they won't be punished? Maybe they'll get lucky for the first time but they do it regularly, they'll definitely get caught one day and I'm glad that this person got caught.
Btw as it seems, it's dangerous to talk about Bitcoin with strangers and in this case, with Taxi drivers. It's also dangerous to give your smartphone to strangers, no matter what kind of help they need. In my region, it's common when a kid or adult strangers ask you to give your smartphone to them to make a call and then they give you back but from this day, I'll be more careful about this. I want to help people in this situation because I've also been in such a situation but criminals are getting terrible every day.

[asriloni]

This is a dumb story. There are many non sense things in this story.

Account to account crypto transfer might still possible, but phone to phone crypto transfer? what the hell is this? I never heard CB has such service.

CB would always force you to complete the security measure before you would able to withdraw. I thought there were some security measures enabled on victim's Exchange account i.e 2FA, Face recognition, or another. Also, how can the fake uber driver know if there were lots of money on his victim's exchange accoun? weird.

This sounds a dystopia tale to me.

[FortuneFollower]

This is a dumb story. There are many non sense things in this story.

Account to account crypto transfer might still possible, but phone to phone crypto transfer? what the hell is this? I never heard CB has such service. CB would always force you to complete the security measure before you would able to withdraw.

I thought there were some security measures enabled on victim's Exchange account i.e 2FA, Face recognition, or another. Also, how can the fake uber driver know if there were lots of money on his victim's exchange accoun? weird.

This sounds a dystopia tale to me.

Or a tale to create some fuzz.
In any case, if it's true - we can learn some things from this story, though it wouldn't be related to crypto - just don't trust random drivers of Uber 

[kotajikikox]

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

The article mentioned that some details of the case never made public for example how would the driver know a passenger's name. My guess would be that this driver has stalked his victims very carefully and exceptionally that he was able to target them specifically. To know that a passenger had crypto on their phone would require for him to actually do a background research on his victims. Which is probably why he knew the login credentials. Even if he didn't, he could just threaten his passenger into telling him.

[betswift]

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

The article mentioned that some details of the case never made public for example how would the driver know a passenger's name. My guess would be that this driver has stalked his victims very carefully and exceptionally that he was able to target them specifically. To know that a passenger had crypto on their phone would require for him to actually do a background research on his victims. Which is probably why he knew the login credentials. Even if he didn't, he could just threaten his passenger into telling him.

And then he threatened him into not telling about the situatuon as a whole.
Maybe he did analyze his victim - or he just played it all out on luck.
We would never know. But it sounds like he did, indeed.

[Finestream]

The owner might not have enabled 2FA security on their account, because if they had, even if the perpetrator accessed the phone, he wouldn’t have been able to make a transaction without the 2FA code.

Most people enabled 2FA security, but they installed the 2FA apps in the same phone which kill the purpose of 2FA. 2FA apps should be installed in another device.

But doesn’t 2FA have a PIN or password before someone can access it? The one I’m using requires a password, so even if someone opens my phone, they won’t be able to access my 2FA or hack into my exchange account without knowing it.

Well, what’s done is done... I’m sure the victim didn’t see it coming, but there’s nothing he can do now since the money is gone, unless the perpetrator is forced to return it. Considering the guy is an Uber driver, he should be fairly easy to identify.

[john_egbert]

The owner might not have enabled 2FA security on their account, because if they had, even if the perpetrator accessed the phone, he wouldn’t have been able to make a transaction without the 2FA code.

Most people enabled 2FA security, but they installed the 2FA apps in the same phone which kill the purpose of 2FA. 2FA apps should be installed in another device.

But doesn’t 2FA have a PIN or password before someone can access it? The one I’m using requires a password, so even if someone opens my phone, they won’t be able to access my 2FA or hack into my exchange account without knowing it.

Well, what’s done is done... I’m sure the victim didn’t see it coming, but there’s nothing he can do now since the money is gone, unless the perpetrator is forced to return it. Considering the guy is an Uber driver, he should be fairly easy to identify.

The victim can take a lesson or two in being secure about his gadgets in the wrong hands.
With such logic, a robber could of drained anything else in his phone at the moment - due to it having to features of security in check at all at the moment of the incident.

[Ziskinberg]

Well, what’s done is done... I’m sure the victim didn’t see it coming, but there’s nothing he can do now since the money is gone, unless the perpetrator is forced to return it. Considering the guy is an Uber driver, he should be fairly easy to identify.

He is not an uber driver, he was just pretending.

A man posing as an Uber driver in Scottsdale, Arizona, was reportedly arrested after allegedly stealing a combined $300,000 of crypto from two unsuspecting passengers

This man clearly knew the victim had crypto, as he specifically targeted him. Securing the phone isn’t the only lesson to learn here, also staying low-key is just as important. By keeping a low profile, we can avoid becoming victims of scams or, even worse, getting robbed or killed.

[Hatchy]

Criminals are getting way more innovative, when it comes to stealing crypto, but every criminal gets caught, sooner or later.

I'm still surprised as the story and articles seems unclear to me. How was the driver able to know which passenger had these assetsbin their device or he studies his passengers before they arrive for pick up?.but then there's nothing impossible when it comes t thief's and hackers. They can go extra miles beyond our normal thinking to make sure they get what they want from others and the best way for us to avoid being victims is by being vigilant and smart. Dont store your coins on just any random device you use. You can have separate device you store your coins and then leave that device at home. Again, try to encrypt your wallet apps with passwords. And not just any random password but a strong password that would be difficult for just anyone to get their hands on. Probably this would help reduce the rate at which physical threat might be on an increase.

[Franctoshi]

From Cointelegraph:

Once inside the car, police say Hussein asked to borrow the passenger’s phone because his device was broken. In the second case, Hussein offered to troubleshoot the Uber app after the passengers questioned why it indicated the driver hadn’t arrived yet.

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

https://cointelegraph.com/news/fake-uber-driver-arrested-stealing-thousands-from-unsuspecting-passengers

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

I'm still wondering how this is supposed to be possible,  does it means that the scammer already have the Uber driver's passwords just by collecting his phone, I doubt or if in the case of coinbase transfer, you can’t transfer crypto out the wallet without password like email ,phone or Google Authentication codes that will send to you by exchange to authorise your withdrawal.

This seem more like a cook up story.

[Z-tight]

The article says Hussein pretended to be the Uber driver the victims had booked, who does not check the model, color and plate number of the ride they booked on the app before entering, and how was Hussein able to know their names or that they had even booked rides in the first place.

There are a lot of questions that the article does not answer, however, don't store your funds in a centralized exchange and don't move around with your funds in a mobile phone. You can be a victim of a $5 wrench attack if you are not careful.

[rodskee]

The article says Hussein pretended to be the Uber driver the victims had booked, who does not check the model, color and plate number of the ride they booked on the app before entering, and how was Hussein able to know their names or that they had even booked rides in the first place.

to be fair he’s only targeted 2 victims which isn’t a lot despite the amount of money he’s stolen which means these two are probably the most irresponsible people of the bunch first they don’t double check the legitimacy of their uber ride, second they let anyone use their phone knowing they hold sensitive information there, third not enough security of crypto holding

i don’t want to blame the victims but to me this seems like something they could have prevented from happening

There are a lot of questions that the article does not answer, however, don't store your funds in a centralized exchange and don't move around with your funds in a mobile phone. You can be a victim of a $5 wrench attack if you are not careful.

if you can, just use a different phone for other things aside from crypto

[SatoPrincess]

I suspect this is not the first time dear ‘Hussein’ has attempted to steal bitcoins from unsuspecting customers. This story is a lesson to those who do not take their phone and wallet security seriously. And also to those who believe hot wallets are the best storage for their coins. Move your bitcoins to a hardware wallet, if you cannot afford one make sure the mobile device you have your hot wallet is not the same one you use for calls or internet.

[mirakal]

These articles rarely describe the technical issues well and some are misleading but why keep your coins in Coinbase and why use the same phone you use for  every day deals. The simplest advice would be to use cold storage or a separate phone for crypto/hardware wallet and Not your keys not your coins

That's the issue there. If you are responsible in safeguarding your crypto investment, you should have an extra phone intended for your crypto hodling. Otherwise, you are only trying to tempt your phone borrower showing in your phone that you have a Coinbase app. Good thing if that person does know nothing about crypto, but if he's a tech-savvy, then it's too late then to protect your crypto. It's now all gone.

[pawanjain]

From Cointelegraph:

Once inside the car, police say Hussein asked to borrow the passenger’s phone because his device was broken. In the second case, Hussein offered to troubleshoot the Uber app after the passengers questioned why it indicated the driver hadn’t arrived yet.

It’s alleged Hussein then used his passenger’s phone to raid their Coinbase accounts with a phone-to-phone transfer of crypto and a phone transfer to cold storage.

https://cointelegraph.com/news/fake-uber-driver-arrested-stealing-thousands-from-unsuspecting-passengers

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

I am very paranoid when a stranger asks me my phone. I wonder how do these people simply gave away their phones to the Uber driver.
In the current world, our whole life lies on our phone and simply giving it away, even just for a few seconds can turn out to be disastrous just like how it happened with these people.
I am fortunate to have enough knowledge to protect myself from these simple mistakes but people need to improve their skills and protect themselves too.

[uneng]

That is why you should never save your passwords on your smartphone, neither to give it permission to keep you logged in your account indefinitely. Always make sure to logout every time you use an exchange or banking app.

It's true it's pretty annoying to have to login once again always you need to access your funds, but safety comes in first place, especially if you are a holder with a considerable portion of money under your disposal.

Probably if that man had adopted this safety measure, he wouldn't have been scammed after all...

[Botnake]

Does anyone have any idea how this guy was able to bypass login credentials, or did he simply open the Coinbase app and transfer coins to himself? I would think phone apps would have greater security than this, and again this points to a phone app vulnerability once someone physically possesses a phone. This could be an argument for not storing or accessing crypto in a phone.

The owner might not have enabled 2FA security on their account, because if they had, even if the perpetrator accessed the phone, he wouldn’t have been able to make a transaction without the 2FA code. Sometimes, we become too complacent since we carry our phones everywhere, and we forget to activate basic security features that are crucial for protecting our assets.

This was a tough lesson for the victim- unfortunately, learned the hard way.

That was the biggest mistake on part of the owner. He fails to add an extra layer of security so that any transaction made without permission will not succeed. He now learned his lesson, but it takes losing all his crypto assets before he'll realize his lapses. Or if only he used another phone for his crypto, then he'll never encounter that traumatic experience.

[Die_empty]

The article mentioned that some details of the case never made public for example how would the driver know a passenger's name. My guess would be that this driver has stalked his victims very carefully and exceptionally that he was able to target them specifically. To know that a passenger had crypto on their phone would require for him to actually do a background research on his victims. Which is probably why he knew the login credentials. Even if he didn't, he could just threaten his passenger into telling him.

There are somethings that are not clear in the story. How did the driver know their names and how did he also know that they own crypto. Maybe he has known them from a crypto social media platform, he might be a hacker or he works with some insiders.

No matter how vague the story is, we have learned never to keep large amount in exchange. The passengers also made mistake to give their phones to stranger. I don't give anybody my phone for any reason, instead I will drop from the taxi, except the criminal has dangerous tools. It is also good to keep phones that contain crypto at home because moving around with it could attract criminals.