The European Union Agency for Law Enforcement Cooperation (Europol) has arrested the person behind the theft of over 10 million euro worth of cryptocurrency IOTA from over 85 people during the previous year. The Europe-wide investigation also involved the state police from Hesse in Germany and the National Crime Agency.
Here’s a video published by Europol of the arrest:
A hacker under the pseudo-name Norbertvdberg fooled IOTA users under the impression of providing assistance. According to Europool, he set up a website named iotaseed.io that was advertised as a random seed (password) generator.
The site offered IOTA users, aid in generating unique passwords that are compliant with the specifications of various IOTA wallet applications, needing to be 81-digit-long and utilizing certain characters. The hacker further convinced victims of his legitimacy by creating a GitHub, a web-based hosting service for coders, repository claiming to contain the source code for the iotaseed.io service.
However, the site generated predictable passwords that the hacker secretly logged, as informed by a UK Student, Alex Studer. The password provided always used a fixed seed plus a counter variable that increased by one every time the program was running, making the password very easy for the hacker to figure out.
Though the website was up and running as of August 2017 until January 2018, Norbertvdberg reportedly began stealing funds during January 2018. When the victims filed a complaint, the Hessen State Police in German began their investigation. The hacker was identified during July 2018 and was finally arrested during January 23rd, on charges of fraud, theft and money laundering.