Chirag Tomar, a 31-year-old Indian citizen, was sentenced to five years in federal prison for orchestrating a cryptocurrency fraud scheme that defrauded hundreds of victims out of more than $20 million.
U.S. District Judge Kenneth D. Bell imposed the sentence, which included two years of supervised release.
Fraudsters Impersonate Coinbase to Steal Millions
According to court documents, Tomar and his co-conspirators committed fraud by “spoofing” a website designed to imitate the official cryptocurrency exchange Coinbase.
Starting in June 2021, the group created a fake version of the exchange’s professional trading site, Pro.Coinbase.com, using a fake URL, CoinbasePro.com. Victims trying to log into their Coinbase accounts are tricked into providing their login credentials.
One tactic used is to impersonate a Coinbase customer service representative and convince the victim to hand over a two-factor authentication (2FA) code. In other cases, fraudsters instruct these people to install remote desktop software that will give them complete control of their computers.
Tomar used these illicit credentials to access several victims’ accounts and transfer funds to wallets under his control. He then converted the cryptocurrency into other digital assets, moving them to multiple wallets to hide the transactions. Eventually, the funds are converted into cash and distributed to criminal groups.
The 31-year-old used his stolen money to fund a lavish lifestyle, buying luxury watches such as Audemars Piguet, high-end vehicles such as Lamborghinis and Porsches, and traveling to destinations such as Dubai and Thailand.
$240,000 Theft and Arrest
The scheme impacted targets worldwide, including those based in the Western District of North Carolina. In February 2022, a local resident tried to access his Coinbase account through a fake site. The fake website immediately tells them that their account is locked and directs them to call a number provided to contact a fake Coinbase representative.
The alleged representative then tricked them into providing their 2FA details. This allows fraudsters to access their targets’ official Coinbase accounts. With this information, the criminals stole more than $240,000 worth of cryptocurrency from the account’s associated wallet.
This is not the first time an incident like this has happened. In 2021, authorities accused Soufiance Oulahya of stealing $450,000 in cryptocurrency and NFTs from Manhattan victims by defrauding the OpenSea marketplace.
Additionally, Convex Finance had to introduce two new alternative URLs after its DNS was hijacked in a spoofing attack, causing users to agree to malicious contracts without realizing it. Upon confirmation of the hijack, Convex revealed that five wallets had been affected, although verified contracts remained secure.
This threat is not just limited to crypto. In 2020, JP Morgan was fined nearly $1 billion by US authorities for spoofing practices in metals futures contracts and Treasury securities after being implicated in a FinCEN docket for allegedly laundering $2 trillion in “dirty money.”
$600 Free Binance (CryptoPotato Exclusive): Use this link to register a new account and receive an exclusive $600 welcome offer on Binance (full details).
2024 LIMITED OFFER on BYDFi Exchange: Welcome gift up to $2,888, use this link to register and open a free 100 USDT-M position!
