South Korean police and the FBI teamed up to bust an international XRP phishing scam. XRP, the digital token offered by Ripple, was involved in a scam across South Korea and Japan.
The two people running the scam were reportedly able to steal over $800,000 worth of XRP from “dozens of victims” across the two countries.
The perpetrators were brought to justice thanks to a joint operation between the Seoul police cybercrimes division and the FBI. One of the arrested individuals is a computer programmer, while the other is that person’s employer.
The programmer is a 42-year old officer who appears to be the “muscle” of the operation. The programmer was hired to replicate a Ripple exchange website, guided by the mastermind of the operation — the programmer’s employer.
The Scammers Created A Fake Crypto Exchange Website Replicating The Real Site
The next step of the phishing scam involved impersonating the real exchange’s email account. Then, the attackers sent emails to users from that email account, claiming that their funds had been frozen. Users, in a panic, would then click the link in the email, enter their account information, and then realize that they had been scammed.
In total, 24 Korean investors and 37 Japanese investors were convinced to enter their login details into the fake online form. The attackers recorded this login information, then used the information to login to the real crypto exchange website and steal user funds.
The only people targeted during this attack were investors in South Korea and Japan. However, the FBI got involved in December 2017 because Ripple — which issued XRP and continues to be the world’s largest holder of XRP — is an American company.
Local South Korean media is reporting that the lead scammer transferred the stolen XRP into Korean won. He then went on a spending spree, using the ill-gotten gains to purchase five-star accommodations in a luxury apartment complex along with other high-end items and services. Although the scammer has since been arrested, he claims the funds are all gone, and that they cannot be returned.
The mastermind of the operation, meanwhile, has an interesting origin story: the mastermind was motivated to launch his own phishing operation after he fell victim to a scam in 2014. He lost all of his investments. Although he reported the case to authorities, the perpetrators were never caught and the mastermind never recovered his funds. This led to him launching his own phishing scheme.
A Japanese Cryptocurrency Exchange Was Also Involved In The Phishing Attack
Local Korean media is reporting that there were three people involved in the scam, including the programmer, the mastermind, and a third individual — an employee at a Japanese cryptocurrency exchange.
That employee reportedly provided the two perpetrators with user data, including email accounts and 2FA status. This information helped the two identify their targets.
This Japanese accomplice is still at large and is believed to be in Japan.
Victims Of The Scam Are Unlikely To Be Compensated
This story is making headlines across South Korea because it’s the country’s first cryptocurrency phishing case.
However, the case isn’t expected to lead to a positive outcome for those who lost funds. First, the scammer claims the $800,000 has all been spent, and that he cannot return the money because he no longer has it.
Second, South Korean police cannot legally freeze or confiscate the scammer’s other assets due to the nature of the crime. Because cryptocurrencies are not considered legal tender under South Korean law, it’s unlikely that victims of the scam are going to be compensated.
Ultimately, as cryptocurrency becomes increasingly mainstream, stories like this are inevitable. Thanks to law enforcement authorities in Korea, however, the scam was stopped before more than a few dozen people lost money.