Canadian authorities have made an arrest in what is believed to be the biggest cryptocurrency theft targeting a single victim. The attackers allegedly stole over $46 million CAD using a classic SIM swapping technique.
According to police in Hamilton, Ontario, Canadian and US authorities joined forces in March last year to investigate the theft of a large amount of cryptocurrency from a US resident.
In a typical SIM swap attack, the threat actors reportedly made a duplicate SIM card with the victim’s phone number, giving themselves the ability to intercept multi-factor authentication codes and break into the victim’s crypto wallet.
“The victim had been targeted by a SIM swap attack, a method of hijacking valuable accounts by manipulating cellular network employees to duplicate phone numbers so threat actors can intercept two-factor authorization requests,” according to the press release.
The attack succeeded and the crooks siphoned approximately $46 million CAD ($36,5 million USD) worth of digital currency from the victim’s account.
“This is currently the biggest cryptocurrency theft reported from one person,” the Hamilton police note.
However, for at least one of the threat actors, the victory was short lived. Using some of the stolen loot, one of the attackers allegedly indulged in the purchase of a rare commodity in the gaming ecosystem, giving investigators a lead.
“The joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community. This transaction led investigators to uncover the account holder of the rare username,” the announcement reveals.
The police department doesn’t identify the threat actor by name or age, but does suggest the person is, perhaps unsurprisingly, an adolescent.
“A Hamilton youth was arrested for theft over $5,000.00 and possession of property or proceeds of property obtained by crime. This matter is before the courts,” the police note.
According to the announcement, the Hamilton police department has recently made multiple cryptocurrency seizures valued in excess of $7 million CAD. It is unclear if the seizures are in any way connected to this particular case. Suffice it to say authorities have yet to identify the rest of the threat actors involved in the heist, as the victim remains tens of millions short.