Dutch police have arrested a 39-year-old man on charges of laundering cryptocurrency worth tens of millions of euros. The suspect is alleged to have used phishing lures to deploy data-stealing malware onto victims’ computers.
In the early morning of Sept. 6, the suspect was detained in the village of Veenendaal on charges of money laundering, based on police tracing of bitcoin transactions.
“The funds were stolen by making use of a malicious software update purporting to be from the open source Electrum wallet,” according to the press release.
“Investigation showed that the man converted bitcoin into the privacy coin monero [vice versa], which makes the trail of transactions more difficult to track. His service was provided via the anonymous online network Bisq. It is suspected that the man earned a lot from laundering in this way,” the police said.
Bisq is a decentralized peer-to-peer exchange network that says it can offer privacy to users.
Dutch authorities refrained from publicizing details of the attacks, but told Bleeping Computer that the man distributed the malicious Electrum update through phishing attacks.
“The funds were stolen after phishing with malicious Electrum software pushed through malicious servers,” the Dutch police related to the cyber news site.
Basically, the phishing message somehow persuaded victims to install an unofficial update to their Electrum wallets that likely contained data-stealing malware.
“When the man was arrested, his home was searched and several data carriers were seized,” according to the announcement. “The police investigation into the data carriers and the virtual currencies held by the man is ongoing. The expected profit that the man made from money laundering was seized in cryptocurrency by the police.”
Apparently police had too little evidence to jail the man, so they were forced to release him on Sept. 8. He nonetheless remains a suspect as investigations continue.