Date: 2021-09-17

With a civil suit, the American Andrew Schober wants to recover around 16 Bitcoins that were allegedly stolen from him by two young Britons. Schober also took the parents of the two young men to court, reports security blogger Brian Krebs. At the time of the theft, the two alleged perpetrators were still minors and lived with their parents. According to the lawsuit, they are said to have developed and distributed malware for the theft. They also tried to launder the money they had obtained.

According to the court documents provided by Krebs, Schober made a transaction of around 16.4 Bitcoin in January 2018 and then realized that he no longer had control of his balance (the transaction in a block explorer). At the time, the amount was worth around 187,000 US dollars and made up 95 percent of his assets; it is currently worth almost 800,000 US dollars. He then hired experts who checked his PC and looked for traces of possible perpetrators.

Theft with a clipboard trick

The experts discovered a clipboard hijacker on his computer, which was hidden in specially prepared wallet software called “Electrum Atom”. Schober found a link to the software via a Reddit post that advertised a download with false promises.

Such hijacker malware exploits the fact that cryptocurrency addresses, because of their length, are usually not entered by hand but copied and pasted via the clipboard. Whenever the victim copies an address for a transfer to the clipboard, the malicious application replaces it with another address under the control of its makers. If the replaced address goes unnoticed and is used in a transaction, and the payment has been recorded in the blockchain, the money is lost to the victim.









On the trail of the perpetrator

The month-long search for the perpetrators, for which Schober reportedly paid US $10,000, finally led to the two Britons, who were by then studying computer science. As evidence of their guilt, the lawsuit alleges, among other things, that suspicious pieces of code for the malware used are in the GitHub repository of one of the two. One of the two also posted a question on GitHub in January 2018 asking how best to access the private key behind a Bitcoin address, using the very address that the malware used.

The stolen Bitcoins could be traced to a Bitfinex address, where they were then exchanged for the Monero currency. Unlike Bitcoin, Monero offers anonymous transactions.

Schober then wrote personal emails to the respective parents in 2018 and 2019, confronted them with the evidence and asked for the money to be returned. He received no answer and finally filed the lawsuit in May 2021. The defendant parents then asked the court to dismiss the lawsuit on the grounds that the claim was time-barred and Schober had missed legal deadlines. The application does not comment on the actual allegations. His lawyers counter that Schober only learned of the matter in the course of the lengthy forensic search for clues and therefore sued within the time limit. Brian Krebs wrote that none of the parties to the dispute wanted to comment on the matter.



(axk)

