The cryptocurrency world has seen its fair share of high-profile hacks and scams, but the recent $240 million heist orchestrated by a group of skilled cybercriminals stands out as particularly brazen and sophisticated. Through a carefully planned social engineering attack, hackers known as Greavys, Wiz, and Box were able to steal a staggering amount of digital assets from a single unsuspecting victim, leaving behind clues that ultimately led to their downfall.
Targeting a creditor of Genesis
In mid-August, cybercriminals set their sights on a creditor of troubled crypto lending platform Genesis. Leveraging their technical prowess and social manipulation tactics, the hackers launched a multi-pronged attack that began with a seemingly innocuous phone call.
Social engineering scheme
By impersonating Google and Gemini Support representatives, the perpetrators gained access to the victim’s personal accounts. Through a series of convincing lies, they persuaded the victim that their Gemini account had been hacked, prompting the unsuspecting individual to reset their two-factor authentication (2FA) and transfer their funds to a compromised wallet.
Breach and theft
After gaining the victim’s trust and credentials, the hackers proceeded to take control of the victim’s Bitcoin (BTC) wallet, accessing the private keys through the remote desktop application AnyDesk. This allowed them to record their actions and celebrate their success while transferring a staggering 4,064 BTC, worth approximately $257 million at the time, to their own wallets.
Tracking stolen money
Blockchain investigator ZachXBT, known for his meticulous work uncovering cryptocurrency-related crimes, quickly tracked down the movement of the stolen funds. His analysis revealed that the hackers split the stolen assets across multiple exchanges, converting them into different cryptocurrencies, including Litecoin, Ethereum, and Monero, in an attempt to hide their trail.
Identifying the perpetrators
Through his forensic investigations, ZachXBT was able to link the distribution of funds to the wallets of the three main perpetrators: Greavys, Wiz, and Box. Interestingly, the criminals’ mistakes played a crucial role in their downfall, as they unwittingly revealed their real identities during screen sharing sessions.
Greavys: The Extravagant Spendthrift
Greavys, whose real name was Malone Lam, was identified as one of the key figures in the heist. He allegedly spent much of the stolen money on luxury goods, including cars and Birkin bags for his associates. However, his reckless actions, such as tying his “dirty money” to centralized exchanges, eventually exposed his involvement.
Wiz: The Elusive Mastermind
Wiz, identified as Veer Sheetal, is believed to have received a large portion of the stolen funds, with $34.5 million linked to his address. His involvement in the money laundering scheme was exposed, leading to further scrutiny and the arrest of a fourth accomplice who helped him hide the ill-gotten gains.
Box: Gemini Scammer
Box, whose real name is Jandhil Serrano, played a crucial role in the scam by impersonating a Gemini exchange representative and convincing the victim to transfer their funds to the hackers’ wallets. Like Greavys, Box also made the mistake of linking his “dirty money” to centralized exchanges, leaving a digital trail that helped the investigation.
Arrests and asset seizures
The collaborative efforts of ZachXBT, law enforcement, and the Binance Security team led to the arrests of Box and Greavys in Miami and Los Angeles, respectively. Additionally, over $9 million in stolen funds were frozen, and $500,000 was returned to the victim, thanks to the swift actions of the authorities.
The importance of vigilance
The $240 million cryptocurrency heist carried out by Greavys, Wiz, and Box serves as a stark reminder of the need for increased vigilance in the digital asset space. As the cryptocurrency industry continues to evolve, it is crucial for investors and users to remain cautious and skeptical of unsolicited communications, especially those claiming to be from reputable institutions or support services.
Conclusion
The $240 million cryptocurrency heist perpetrated by Greavys, Wiz, and Box serves as a stark reminder of the dangers that lurk in the world of digital assets. While the perpetrators were ultimately brought to justice due to their own mistakes and the tireless efforts of dedicated investigators, the case underscores the need for continued vigilance and strict security protocols to protect digital assets. As the cryptocurrency industry continues to evolve, the lessons learned from this incident will undoubtedly shape the future of the field, driving the development of stronger security measures and fostering a safer environment for all involved.
Disclaimer: The information contained in this article is for informational purposes only and does not constitute financial advice. Investing in cryptocurrencies involves risks, and readers should conduct their own research and consult with their financial advisors before making investment decisions. Hash Herald is not responsible for any profits or losses in this process.