United States prosecutors charged five people with being part of a group that hacked dozens of businesses and individuals to steal $11 million in crypto and sensitive information.
The California US Attorney’s Office said on Nov. 20 that the defendants sent SMS phishing links or SIM-swapped individuals and employees of certain companies to steal login credentials to their work or crypto exchange accounts.
Court documents seen by Cointelegraph detailed at least 29 alleged individual crypto-theft victims. Prosecutors claimed one victim was robbed of more than $6.3 million worth of crypto after having their email and wallets breached.
Highlighted portion of a court document alleging a victim was hacked for over $6.3 million in crypto. Source: PACER
Investigators said the group targeted 45 companies in the US, Canada, India and the United Kingdom, including an unidentified US crypto exchange, whose employees were targeted with fake text messages claiming their accounts would be deactivated, which included a phishing link to dupe them into sharing sensitive credentials.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said Martin Estrada, the US attorney in Los Angeles.
The defendants are alleged to be part of the “Scattered Spider” hacking group, which prosecutors claim worked together from about September 2021 to April 2023 and included defendants Ahmed Elbadawy, 23, from Texas; Noah Urban, 20, from Florida; Evans Osiebo, 20, from Dallas; Joel Evans, 25, from North Carolina, and Tyler Buchanan, 22, from Scotland.
Each was charged with conspiracy, conspiracy to commit wire fraud and aggravated identity theft, while Buchanan faces an additional wire fraud charge. The fraud-related charges alone carry a maximum sentence of 20 years in jail.
Reuters reported last November that the FBI had struggled to stop Scattered Spider, which was linked to the September 2023 hacks of the Caesars Entertainment and MGM casinos, even while it knew group members’ names and that they were in the US.
It’s not immediately clear if the five accused are alleged to have taken part in the casino hacks, but one court document mentions “other co-conspirators” and an “unindicted co-conspirator,” hinting that others are suspected of crimes of which they’re not yet publicly accused.
Related: Crypto drainers are retiring as investigators start to close in
Investigators, which include the FBI and Police Scotland, said they tracked Buchanan via information he gave to register phishing sites deployed prior to their alleged use in duping victims.
A search of Buchanan’s devices found data pulled from a US crypto exchange and information from a US telecom company.
Information about lawyers for the defendants was not immediately available.
Crypto-Sec: 2 auditors miss $27M Penpie flaw, Pythia’s ‘claim rewards’ bug