With a civil suit, the American Andrew Schober wants to regain around 16 Bitcoins that were allegedly stolen from him by two young British people. Schober also took the parents of the two young men to court, reports security blogger Brian Krebs. At the time of the theft, the two alleged perpetrators were still minors and lived with their parents. According to the lawsuit, they are said to have developed and distributed malware for the theft. They also tried to launder the money they had obtained.
The from Krebs provided court documents According to Schober carried out a transaction of around 16.4 Bitcoin in January 2018 and then noticed that he no longer had control of his credit (the transaction in a block explorer). At that time it was worth around 187,000 US dollars, currently almost 800,000 US dollars, which was 95 percent of his assets at the time. He then hired experts who checked his PC and looked for traces of possible perpetrators.
Theft with a clipboard trick
The experts discovered a clipboard hijacker on his computer, which was hidden in specially prepared wallet software called “Electrum Atom”. Schober found a link to the software via a Reddit post that advertised a download with false promises.
Such hijacker malware exploits the fact that crypto-money addresses are usually not entered by hand due to their character length, but are copied and pasted via the clipboard. Whenever the victim copies an address for a transfer to the clipboard, the malicious application replaces it with another address under the control of its makers. If the address replaced in this way is used unnoticed in a transaction and the payment has been recorded in the blockchain, then the money is lost for the victim.
On the trail of the perpetrator
The month-long search for criminals, for which Schober reportedly paid US $ 10,000, finally led to the two Britons, who are now studying computer science. As evidence of their guilt, the lawsuit alleges, among other things, that one of the two suspicious pieces of code for the malware used is in the Github repository. One of the two also posted the question on Github in January 2018 as to how best to access the private key behind a Bitcoin address – and that with the address that the malware used.
The stolen Bitcoins could have been tracked to an address on the Bitfinex crypto wallet, where they were then exchanged for Monero currency. Unlike Bitcoin, Monero offers anonymous transactions.
Schober then turned in personal emails to the respective parents in 2018 and 2019, confronted them with receipts and asked for the money to be returned. He did not receive an answer and then finally filed the lawsuit in May 2021. The defendant parents then presented to the court the motion to drop the lawsuitbecause the process is statute-barred and Schober missed legal deadlines. The application does not comment on the actual allegations. His lawyers oppose thisthat Schober only found out about the process in the course of the lengthy forensic search for clues and therefore complained within the timeframe. None of the parties to the dispute wanted to comment on the matter at his request, writes Brian Krebs.