A collaborative effort between European Union law enforcement agency Europol, the UK's South East Regional Organised Crime Unit (SEROCU) and National Crime Agency (NCA), and the Hessen State Police in Germany has led to the arrest of an unidentified man suspected of stealing €10 million (about $11.3 million) worth of IOTA tokens from 85 victims worldwide starting in January 2018.
According to Europol's press release, the suspect allegedly used a malicious IOTA seed-generator at Iotaseed.io to gain backdoor access into users' IOTA wallets. IOTA wallets are protected by an 81-digit seed, which can be generated by online seed generators. Some users had the misfortune of using the seed generator on Iotaseed.io. The seeds were then stored in the background by the service provider, giving the suspect access to users' wallets and allowing him to transfer their tokens to other wallets created with fake IDs.
The investigation began in early 2018, when the Hessen State Police received reports from citizens regarding cryptocurrency having been stolen from their wallets. By July 2018, German authorities had managed to track the fraudulent activities to a suspect living in the UK, where the case was given to task forces within Europol.
SEROCU then arrested the man yesterday, January 23, in the UK city of Oxford on suspicion of fraud, theft, and money laundering.
The arrest comes after the September 2018 joint Interpol-Europol Cybercrime Conference in Singapore, where the two law enforcement agencies presented their 2018 Internet Organised Crime Threat Assessment report.
That report highlighted threats relevant to cryptocurrencies, including ransomware attacks, DDoS attacks, using crypto to fund illegal activities, phishing schemes, and cryptojacking.