Scammer Who Ran Fake IOTASeed.io Operation and Netted $11 Million Worth of IOTA Gets Nabbed by Europol

In has just come to light that police officials from the UK’s South East Regional Organised Crime Unit (SEROCU) have been successful in apprehending a British national who was charged with having stolen more than €10 million ($11.4 million) worth of

In regards to the matter, Europol released a statement on their website which revealed that the 26 year old miscreant hailed from Oxford, UK. Not only that, the government agency also also revealed that the suspect used a “malicious IOTA seed generator available at www.iotaseed.io to obtain backdoor access to user wallets”. All of this happened over the course of six to eight months spanning from August 2017 to the start of 2018. During this period, the unnamed hacker started logging into user wallets and made illegal transactions without anyone’s prior approval or knowledge.

An In-Depth Look at the Case

It has been reported by Europol that the hacker who was operating under the pseudonymous name of ‘Norbertvdberg’ posed as a member of the IOTA community so as to gain the trust of other community members. He offered support to IOTA users and linked them to iotaseed.io— a scammy web portal that “purportedly generated random and unique 81-digit passkeys that IOTA wallets require to operate normally”.

If that wasn't enough, he then went on to establish a GitHub repository that “supposedly” possessed the source code for iotaseed.io.

Lastly, after he had procured a sizeable chunk of seed info to exploit unsuspecting users, Norbertvdberg started transferring funds from user wallets on January 19, by illegal logging into a total of 85 user wallets and transferring about €10 million worth of IOTA. During the course of his actions, he went on to establish a DDOS diversion for IOTA admins — which tied them up with network traffic spikes and other similar smokescreens.

Investigation and Eventual Arrest

As per a spokesperson for Europol, the scam started unraveling after a number of users started to complain to the Hessen State Police in Germany about their misappropriated digital funds— thus leading the government agency to track down Norbertvdberg even though he had made a number of attempts to eliminate his online footprint completely (primarily by deleting all of his user profiles on Reddit, Quora and GitHub.)

Last July, the case was handed over to the Joint Cybercrime Action Taskforce (J-CAT), an agency that works directly under Europol’s European Cybercrime Centre (EC3). By coordinating with other European police authorities, the miscreant was finally nabbed after a long/ arduous witch hunt.

Final Take

In rounding out this article, it is worth mentioning that this is probably the first time such coordination has been witnessed by different EU member states on a case pertaining exclusively to cryptocurrencies. It is now being expected that Norbertvdberg will be extradited to Germany, where he will face a trial on charges related to fraud, theft and money laundering.