Woman Charged over Theft of $319,000 in Ripple Cryptocurrency, Email Hacking
A 23-year-old Australian woman was charged today for her alleged role in a hacking scheme that resulted in the theft of cryptocurrency worth 450,000 Australian dollars ($319,000).
The woman—who remains unnamed—was detained this morning at her home in Epping, a suburb in Melbourne, Australia. She was taken to a local police station and charged with knowingly dealing with proceeds of crime, New South Wales (NSW) police said in a release.
Officers, who established a unit called Strike Force Rostrevor, seized computers, electronic storage devices, cell phones and documentation during the search of the residence.
Law enforcement and cybercrime police believe the woman, potentially working with others, took over a man's email account, then changed his password and tampered with his settings to enable a cell phone number as a second authentication on the account.
The victim—a 56-year-old man, who was not named—reported the theft in January 2018. He alerted the police after 100,000 units of Ripple, a virtual currency that was worth $450,000 at the time, were stolen from an electronic account, also known as a "wallet."
According to NSW Police, officers were told the victim believed his email account had been hacked the previous month. In mid-January, he was mysteriously locked out for two days. When he regained control of the email account and checked the activity, he then noticed his cryptocurrency account had also been compromised leaving almost a zero balance.
It is alleged the woman accessed the wallet holding the Ripple—also known as XRP—and sent a huge chunk into a Chinese exchange. The crypto was later converted into Bitcoin.
The price of the "altcoin" is very volatile and has fallen considerably since January.
"An email account is more valuable than people realize—scammers are increasingly targeting emails as they link the individual to financial accounts and other personal information," said detective superintendent Arthur Katsogiannis, a cybercrime commander, on Wednesday.
"There is often valuable information saved in sent items or the trash, and scammers will look for anything that will assist in taking over your identity or accessing your finances. This is the modern equivalent of digging through a household rubbish bin or stealing mail."
Police said Wednesday that investigations will continue. The woman was granted a "strict conditional bail" and will next appear in court on Monday November 19, 2018.
Cybercrime police told The Sydney Morning Herald that the woman "had particular skills that helped her carry out the theft" but declined to confirm if she had acted alone.
Katsogiannis stressed the importance of strong multifactor authentication. Physical keys can now be used to store passwords and authentication keys to protect your valuable accounts.
He said, "Just as we were taught to shred documents and lock our mailboxes, the lesson is now ensuring that email accounts containing personal information and are linked to financial accounts have a minimum of two-factor authentication. Your information is an extremely valuable commodity to criminals and needs be treated and secured as you would cash."
