In a dramatic incident that shook the digital finance world, three hackers named Greavys (Malone), Wiz (Veer Chetal), and Box (Jeandiel) defrauded a single victim of $243 million through a combination of social engineering and technical skill. The attack, which occurred on August 19, 2024, was meticulously investigated by on-chain investigator ZachXBT and highlights the escalating threats to the crypto industry. The hackers exploited both the trust and the technical vulnerabilities of the targeted firm.
How the Attack Unfolded
The meticulously planned attack began with a phone call from the attackers, who posed as Google Support. They used a spoofed phone number to gain the victim’s trust and persuaded the victim to share personal account details. Following this, the criminals impersonated Gemini Support, convincing the victim that their account had been compromised. In a textbook example of social engineering, the hackers manipulated the victim into resetting their 2FA and transferring funds to a fraudulent wallet.
To maintain control over the victim, the hackers convinced them to download AnyDesk, a remote desktop application. This allowed the attackers to gain access to the victim’s private keys, giving them control over digital assets worth approximately $243 million.
The Movement and Laundering of the Money
Once in control of the funds, the hackers dispersed the money through numerous transactions across more than 15 exchanges. They employed cryptocurrencies like Bitcoin, Litecoin, Ethereum, and Monero to obfuscate the money’s origin. However, during one of these transactions, Wiz (using the screen name Veer Chetal) made the mistake of revealing his real name during a screenshare session monitored by ZachXBT, providing a crucial lead for the investigators.
Wiz’s accomplice, Light/Dark (Aakaash), played a vital role in the money laundering process. Investigators were also able to uncover his identity, making it easier to trace the stolen money.
Lavish Lifestyle Funded by Ill-Gotten Wealth
Greavys (Malone) squandered the proceeds of the crime on a lavish lifestyle. He purchased over 10 luxury cars and spent between $300,000 and $500,000 a night partying in clubs in Los Angeles and Miami. Investigators easily traced his extravagant spending through his social media posts. Some people also shared his location on social networks, inadvertently aiding the police investigation.
Box (Jeandiel), another key player in the operation, posed as a Gemini exchange representative during the heist. He used the same profile pictures across various social media platforms, further implicating himself in the fraud.
Ongoing Investigations and Arrests
Thanks to the collaborative efforts of blockchain researchers, including CFInvestigators, ZeroShadow_io, and the Binance Security team, over $9 million of the stolen funds have been frozen, with $500,000 already returned to the victim. This investigation led to the arrests of both Greavys and Box in Miami Beach and Los Angeles.
Authorities have indicated that more assets are likely to be recovered, and additional arrests could follow as the investigation continues. The case serves as a stark reminder of the sophisticated methods cybercriminals employ and the critical need for robust cybersecurity measures in the crypto industry.