A U.S. federal judge has sentenced an Indian man to five years in prison for creating fake versions of the Coinbase website and using them to steal more than $20 million from duped customers of the American crypto exchange.
According to court filings, Chirag Tomar, 31, worked with co-conspirators to create “spoofed” versions of Coinbase sites that they would link to in emails sent to real Coinbase customers.
Victims would then enter their login credentials on the fake site, allowing Tomar and his associates to steal the data and use it to drain users’ Coinbase wallets. On other occasions, the hackers would imitate customer service representatives to learn users’ two-factor authentication codes.
All in all, Tomar and his co-conspirators successfully used such tactics to steal crypto from hundreds of Coinbase users worldwide, including several in the United States, according to the U.S. Department of Justice (DOJ).
In one typical scheme, the hackers imitated the Coinbase Pro website (pro.coinbase.com) with a spoofed URL such as coinbasepro.com. Victims would visit the site, which was made to look identical to the real Coinbase, and unwittingly hand over their account information.
Tomar reportedly began the Coinbase-related scheme as early as 2021. According to the DOJ, he used his ill-gotten gains to buy numerous rare watches including Audemars Piguets, and luxury cars including multiple Lamborghinis and Porsches.
In December 2023, when Tomar flew into Atlanta, he was immediately apprehended by U.S. authorities.
The investigation into the scheme was conducted by the U.S. Secret Service in conjunction with the FBI. Tomar’s five year prison stint will be followed by two years of supervised release.
Edited by Andrew Hayward