US prosecutors have charged Soufiance Oulahya, presently in legal custody in Morocco, with stealing cryptocurrencies and NFTs worth $450,000 from a victim in Manhattan by creating a fake OpenSea marketplace in 2021.
A release from the United States Attorney’s Office Southern District of New York said the defendant illegally obtained the seed phrase of the victim by spoofing and used it to steal their collection of digital art.
Details of the Case
Oulahya stole four NFTs from the victim’s OpenSea account. These were one each from Bored Ape Yacht Club, Meebit, Bored Ape Kennel Club, and Crypto Dad series. Besides, the defendant also stole cryptocurrencies from the Manhattan victim’s compromised wallet. The indictment said the victim had paid approximately $448,923 to obtain these digital assets.
“As alleged, Soufiane Oulahyane used a common cybercrime technique to steal victim cryptocurrency and NFTs. ‘Spoofing’ is one of the oldest tricks in the criminal playbook. Oulahyane adapted this old tool for use in a new and developing arena – the crypto space,” Attorney Damian Williams said in the release.
According to the indictment, prepared by the US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI), Oulahyane used paid advertisement on a popular search engine to entice the victim to the spoofed OpenSea website.
The moment the victim entered the seed phrase on the spoofed website, it got transferred to an email id controlled by Oulahyane, who immediately accessed the former’s wallet and transferred the NFTs and cryptocurrencies to his wallet. The prosecutors have not named the victim or the search engine where Oulahyane put out the advertisement.
Cyber Attacks on the Rise
Spoofing is one of the many social engineering techniques where cybercriminals launch a malicious attack by enticing and convincing potential victims to click links, reveal passwords, download attachments, etc.
In April 2022, a BYAC owner was cheated of BAYC #1584, MAYC #13168, and MAYC #13169 — worth $570K in a swapping deal on the Swap Kiwi platform. The scammer used weak verification and anti-spoofing features in its checkmarks to create fake BAYC NFTS. But they were nothing more than photoshopped Jpegs.
In October 2022, the BNB Chain suffered a security breach and compromised cryptocurrencies worth millions of dollars. While freezing, recovering, and normalization were still going on, a fresh spoofing attack made the network suffer a loss of 60 ETH.