In the summer of 2020, a Spanish company called 2gether, which is dedicated to storing its clients’ crypto assets (a sort of private cryptocurrency bank), announced that had suffered the theft of crypto-currencies worth 1.2 million euros, and what are they worth now 6 million euros.
In total they were stolen 114 bitcoins and 276 ethersthat belonged to to more than 5,000 customers. This is how the Civil Guard began what it called 3COIN operationthe biggest cryptocurrency theft in Spain, so far.
A year and a half later, the UCO Cybercrime Department has solved the case, which ends with the arrest of 5 people, according to the press release. And we know how it all started: with download a pirated movie from your work computer, by an employee.
According to the Civil Guard, early 2020 this 2gether employee downloaded a pirated movie from a work PC from an illegal download site.
This movie contained Nanocore dangerous malwarea Trojan that was installed on the company’s computer, remaining hidden while tracking all information.
For several months, the cybercriminals, who according to El País had barely paid 200 euros to the manager of the pirate site to introduce the Trojan horse into the films, they collected passwords, activities and employee information.
They waited for summer, when most of them were on vacation, to disable security measures and steal cryptocurrencies. It only took 15 or 20 minutes.
After receiving the complaint, the Cybercrime Department of the Civil Guard opened an investigation to locate, on the one hand, the owner of the pirate movie download website that introduced the malware and, on the other hand, the perpetrators of theft.
In collaboration with the private cybersecurity company commissioned by 2gether, The aforementioned website owner was arrested and 5 people implicated who have participated in the theft or laundering of stolen cryptocurrencies.
The authors live in different places: Tenerife, Bilbao, Barcelona and Valencia. Four are Spanish and the fifth is a citizen of Eastern Europe. According to the Civil Guard, the ringleader controlled the hacking material by a drug extracted from the poison of the bufo toad.
In addition, 1.4 million euros of the stolen cryptocurrencies were recovered.
A theft of crypto-assets with a happy ending that leaves us with two important morals: cryptocurrencies are not 100% anonymousand… watch out for pirate movies lots of people are downloading…