On 6 September 2022, Dutch police arrested a 39-year-old man in the village of Veenendaal on suspicion of laundering millions of euros in cryptocurrency stolen through phishing attacks.
After working closely with the country’s central cybercrime team to monitor certain Bitcoin transactions, ‘Politie Gelderland’ (Eastern) seized devices and “data carriers” to assist with investigations.
Police were able to trace him through a malicious software update for the popular open-source Bitcoin wallet app Electrum, which enables users to securely manage digital assets.
According to police, attackers spread this malicious update through phishing attacks, and police only learned of the attacks after Electrum users from the Netherlands and Italy reported phishing that used malicious Electrum software.
He did this in numerous ways, one of which was installing malware that stole information and the wallets of infected victims.
Another was using modified wallets or phishing attacks to steal the seeds/recovery phrases needed to restore an existing wallet to a new device: once he gained access to a victim’s seed phrase, he could restore the wallet on his own device and steal all of the cryptocurrency in it.
He also transferred the money to Bisq, a decentralized peer-to-peer exchange network that allows users to trade cryptocurrencies without requiring registration or KYC (know your customer) information.
The sources for this piece include an article in BleepingComputer.