Indian National sentenced to 5 years for $20 million Coinbase fraud

Chirag Tomar, a 31-year-old Indian citizen, was sentenced to five years in federal prison for orchestrating a cryptocurrency fraud scheme that defrauded hundreds of victims out of more than $20 million.

U.S. District Judge Kenneth D. Bell handed down the sentence, which also included two years of supervised release.

Scammers impersonate Coinbase to steal millions

According to court documents, Tomar and his co-conspirators ran the fraud by “spoofing” a website designed to mimic the legitimate cryptocurrency exchange Coinbase.

Starting in June 2021, the group created a fraudulent version of the exchange’s professional trading site, Pro.Coinbase.com, using a fake URL, CoinbasePro.com. Victims who tried to log into their Coinbase accounts were tricked into providing their login credentials.

One of the tactics used was to impersonate Coinbase customer service representatives and convince victims to hand over two-factor authentication (2FA) codes. In other cases, the scammers directed these people to install remote desktop software that would give them full control of their computers.

Tomar used the ill-gotten credentials to access multiple victim accounts and transfer funds to wallets under his control. He then converted the cryptocurrency into other digital assets, moving them between multiple wallets to hide the transactions. The funds were eventually converted into cash and distributed among the criminal group.

The 31-year-old used the stolen money to finance a lavish lifestyle, buying luxury watches such as Audemars Piguet, high-end vehicles such as Lamborghinis and Porsches, and traveling to destinations including Dubai and Thailand.

Theft and arrest of $240,000

The scheme affected targets around the world, including those based in the Western District of North Carolina. In February 2022, a local tried to access his Coinbase account through the spoofed site. The fake website instantly alerted them that their account was locked and directed them to call a number provided to contact a fake Coinbase representative.

The alleged representative then tricked them into giving up their 2FA details. This allowed the scammers to gain access to their target’s legitimate Coinbase account. Using this information, the criminals stole over $240,000 in cryptocurrency from the wallet associated with the account.

It is not the first time that such incidents have occurred. In 2021, authorities charged Soufiance Oulahya with stealing $450,000 in cryptocurrencies and NFTs from a Manhattan victim by rigging the OpenSea market.

In addition, Convex Finance had to introduce two new alternate URLs after its DNS was hijacked in a spoofing attack, causing users to unknowingly approve malicious contracts. After the hijack was confirmed, Convex revealed that five wallets had been affected, although verified contracts remained safe.

The threat is not limited to cryptography alone. In 2020, US authorities fined JP Morgan nearly $1 billion for its counterfeiting practices in metal futures and Treasury securities after it was implicated in FinCEN filings for allegedly laundering up to $2 trillion of dollars in “dirty money”.

SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).

2024 LIMITED OFFER on BYDFi Exchange – Up to $2888 Welcome Reward, Use this link to register and open a 100 USDT-M position for free!