The attacks were conducted throughout 2020, and originated in the UK; the victims were based in the US, and were “well-known influencers, sports stars, musicians, and their families,” according to the NCA.
The US, UK, and Europol collaborated on the investigation with authorities in Belgium, Malta, and Canada.
The fraudsters used a SIM-swap, which offloaded identifying info from victims’ phones’ SIM cards onto those of the attackers. Once inside, they stole directly from Bitcoin wallets and bank accounts.
Paul Creffield, head of operations for the NCA’s National Cyber Crime Unit, said that “those arrested face prosecution for offences under the [UK’s] Computer Misuse Act, as well as fraud and money laundering as well as extradition to the USA for prosecution.”
SIM-swaps aren’t exactly a new problem in the crypto sphere—back in 2018, the investor Michael Terpin sued AT&T after losing $23 million in Bitcoin to a SIM swap.
And crypto criminals appear to like going after celebrities, too. Last July, attackers hacked the Twitter accounts of major politicians, corporations, and influencers (Barack Obama and Elon Musk were among them), and fooled many of their followers into sending them Bitcoin.
More than ever, according to data from blockchain analytics firms, crypto thieves are going after DeFi protocols, and using ransomware to prey on vulnerable digital infrastructures like those in school and hospitals.
More than $10 billion was linked to criminal crypto addresses in 2020 alone.