Bitcoin (BTC) self custody supplier Casa warns about bodily assaults towards Bitcoin holders, as they publish a weblog put up describing details of a latest incident.
Their consumer’s unhealthy Tinder expertise combines parts of social engineering, sim swapping, and a extra old-school drugging and robbing assault.
Certainly one of our shoppers was focused on a courting app and ended up being drugged with the objective of draining his crypto accounts. That is the story of the assault and our postmortem evaluation of what went improper and what went proper. https://t.co/co3XacQGQp
— Jameson Lopp (@lopp) July 8, 2021
Based on the story, an alleged Bitcoin holder and dealer discovered his date through the cellular app Tinder, the place he contacted a lady who claimed to be a “cryptocurrency dealer.”
As the 2 met up in particular person, he seen that her footage had been barely completely different from her in-person look, however he didn’t suppose a lot about it.
The sufferer remembers that “she mentioned her mother and father purchased her 1 bitcoin for $30,000, however in any other case she didn’t discuss crypto for the remainder of their time collectively.”
In the middle of their date, two determined to return to the person’s condominium, and someplace within the interim, the lady laced his drink with scopolamine, additionally referred to as ‘Satan’s Breath,’ or a benzodiazepine, medicine famend to trigger reminiscence loss in addition to inhibition impairment.
Based on the put up, “he believes the lady picked up his cellphone and requested him to indicate her tips on how to unlock it and discover his passwords.”
The person awoke the following day and his cellphone was lacking, despite the fact that all of his different belongings, together with a pockets with money, debit playing cards, and ID had been nonetheless there.
Saved by the multisig
The sufferer instantly checked “varied accounts from his laptop computer and noticed that purchases from his checking account had been tried at a number of exchanges and Bitcoin withdrawals had been tried from different custodial companies,” because the attacker tried to strip him bare, figuratively.
“Lots of our shoppers may also have password managers and 2FA on their cellphone. Within the case of this consumer, although he was not utilizing SMS 2FA, he was utilizing TOTP 2FA through a google authenticator app on the cellphone. Because the attacker had coerced his cellphone unlock pin from him, that they had entry to 2FA for all of his accounts,” talked about the put up because the writer drew a parallel to so-called sim swap assaults.
He ultimately misplaced solely a small quantity of Bitcoin as one in every of his trade accounts was compromised, whereas the most important share of his complete holdings had been saved because of the multisig setup he had.
The attacker solely had one of many sufferer’s 5 keys, which enabled him to dam different requested purchases and withdrawals by contacting custodians and submitting a compromise.
Get an edge on the cryptoasset market
Entry extra crypto insights and context in each article as a paid member of CryptoSlate Edge.
Join now for $19/month Discover all advantages
Like what you see? Subscribe for updates.