In a civil suit, the American Andrew Schober is seeking to recover around 16 Bitcoins that were allegedly stolen from him by two young Britons. Schober has also taken the parents of the two young men to court, reports security blogger Brian Krebs. At the time of the theft, the two alleged perpetrators were still minors and lived with their parents. According to the lawsuit, they are said to have developed and distributed malware for the theft. They also tried to launder the money they had obtained.
According to the court documents provided by Krebs, Schober carried out a transaction of around 16.4 Bitcoin in January 2018 and then noticed that he no longer had control of his funds (the transaction in a block explorer). At that time it was worth around 187,000 US dollars, which was 95 percent of his assets at the time; currently it is worth almost 800,000 US dollars. He then hired experts who checked his PC and looked for traces of possible perpetrators.
Theft with a clipboard trick
The experts discovered a clipboard hijacker on his computer, which was hidden in specially prepared wallet software called “Electrum Atom”. Schober found a link to the software via a Reddit post that advertised a download with false promises.
Such hijacker malware exploits the fact that cryptocurrency addresses are usually not typed by hand because of their length, but are copied and pasted via the clipboard. Whenever the victim copies an address for a transfer to the clipboard, the malicious application replaces it with another address under the control of its makers. If the replaced address is used unnoticed in a transaction and the payment has been recorded in the blockchain, the money is lost to the victim.
On the trail of the perpetrator
The month-long search for the perpetrators, for which Schober reportedly paid US $10,000, finally led to the two Britons, who are now studying computer science. As evidence of their guilt, the lawsuit alleges, among other things, that suspicious pieces of code for the malware used are in the GitHub repository of one of the two. One of the two also posted a question on GitHub in January 2018 asking how best to access the private key behind a…