An Indian national, who stole more than $20 million worth of crypto from Coinbase users to fund his lavish lifestyle, was sentenced to 60 months in prison on Thursday. The sentence, handed down by a federal judge in North Carolina, comes after 31-year-old Chirag Tomar pled guilty in May to “spoofing” the Coinbase website, tricking hundreds of victims into handing over their login credentials and access to their crypto wallets.
“Spoofing, as it pertains to cybercrime, is when a malicious cyber actor disguises an email address, sender name, or website URL to convince victims they are interacting with a trusted source,” the Justice Department said in a statement.
The scam began as far back as June 2021 and involved the operation of a fraudulent website built to look exactly like the Coinbase Pro version using a slightly different URL—the scammers used ”Coinbasepro.com” instead of the authentic “Pro.Coinbase.com.” Once the victims entered their Coinbase username and password into the fraudulent website, an authentication process was triggered.
The scammers used a variety of tactics to exploit Coinbase customers and gain access to their wallets, according to court documents. In some cases, the scammers impersonated Coinbase customer service representatives and tricked victims into providing their login credentials and two-factor authentication codes over the phone. Other times, victims were tricked into allowing the scammers to use remote desktop software to gain control of victims’ computers. Upon gaining access, the fraudsters quickly transferred the victim’s Coinbase holdings into crypto wallets under Tomar’s control.
After receiving the stolen crypto, Tomar converted it into other forms of cryptocurrency and distributed it amongst his many wallets. Then he converted the crypto to cash and gave it out to his co-conspirators.
In February 2022, Tomar stole $240,000 worth of crypto from a victim in North Carolina. When the victim attempted to log in to Coinbase Pro through the fraudulent website, he was notified that his account was locked and was prompted to call a fake Coinbase representative. He was tricked into providing his two-factor authentication code, giving the scammer full access to his account.
Some blame Google for promoting malicious websites through Google Ads, allowing scammers to pay to have their website show up at the top of search results as “sponsored” content, luring in unsuspecting victims.
Tomar used the stolen crypto to purchase luxury cars like Lamborghinis and Porsches; expensive watches; and vacations to Dubai, Thailand, and elsewhere, according to the statement.
He was arrested late last year upon arrival in the United States at Atlanta airport and charged with wire fraud and money laundering.