Two young men accused of stealing one billion “Crowd Machine Compute Tokens” (worth $14 million) directly from the Crowd Machine crypto project last weekend were arrested Monday at an Oklahoma hotel, Oklahoma News 4 reports.
Fletcher Robert Childers, 23, and Joseph Harris, 21, both of Missouri, were arrested after an investigator from Santa Clara County DA’s Office, personnel from the Regional Enforcement Allied Computer Team (REACT) and Oklahoma police used cell-phone triangulation, purchase records and surveillance footage from a local Walmart to lead them to the hotel.
Police executed a “no-knock” warrant to search the room and a suspects’ car. No-knock warrants are often used in cases of suspected computer crime in the hopes that shocked suspects can be arrested before they’ve had time to close and lock their computers.
Childers and Harris allegedly used a “SIM-swap scam” to access a Crowd Machine “hot wallet” (crypto-storage linked directly to the Internet) through an employee cell phone.
In a SIM-swap scam, fraudsters pose as the victim and contact a cell-phone provider to claim that a phone has been lost. Hackers then provide enough identifying information that the cell company activates a hackers’ “new” phone with all the “lost” phone’s SIM data on it.
A wide range of passwords and two-factor authentication data can now be obtained by the hacker, and victims may not realize what has happened until their phone is shut off to activate the hackers phone.
An increase in SIM-swap attacks has led experts to caution people against giving out their cellphone numbers online.
Emma Mohan-Satta, a fraud prevention consultant at Kaspersky Labs told Digital Trends, “A high proportion of banking customers now have mobile phone numbers linked with their accounts, and so this attack is becoming common. Unlike mobile malware, SIM fraud attacks are usually aimed at profitable victims that have been specifically targeted through successful social engineering.”
Forensics conducted by Coindesk on the Ethereum blockchain show that the stolen CMCT tokens were quickly moved onto exchanges.
Many exchanges suspended trading of CMCT tokens after the hack was announced, but the tokens’ value still fell by 87% in the aftermath of the hack, where they traded at bottom for around $0.0019.
CMCT is now trading at about $0.0032 at the time of writing.
Data at CryptoSlate indicates that Crowd Machine raised 52 463 ETH in its pre-ICO fundraise (worth about $12 300 000 today) to build a, “high-speed decentralized cloud run on the world’s surplus device processor capacity, the Crowd Computer, to execute full-stack, enterprise-class apps built with the Crowd App Studio.”
CMCT debuted on exchanges in May of this year and quickly obtained a market cap of over $30 million. But figures at CoinMarketCap indicate that the company’s value now sits at around $1.6 million.
Court documents cited by CCN show that Childers and Harris were arrested on suspicion of grand theft and identity theft. If convicted, the two men could receive sentences of up to 35 years in prison.
According to Oklahoma News 4, Harris is currently being held without bail at the Oklahoma County jail and Childers is no longer in custody.