An advertisement on the phony OpenSea website appeared on a well-known search engine, which is how the defendant found his victim.
Soufiance Oulahya, who is now being held in detention in Morocco on a legal warrant from the US, is accused by US authorities of building a fictitious OpenSea marketplace in 2021 in order to steal cryptocurrencies and NFTs worth $450,000 from a victim in Manhattan.
According to a press release from the Southern District of New York Office of the United States Attorney, the defendant utilized the victim’s stolen digital art collection to fraudulently obtain the victim’s seed phrase through spoofing.
Information about the Case
From the victim’s OpenSea account, Oulahya took four NFTs. These were one each from the Bored Ape Yacht Club, Meebit, Bored Ape Kennel Club, and Crypto Dad series. In addition, the defendant took cryptocurrency from the hacked wallet belonging to the Manhattan victim. According to the indictment, the victim spent around $448,923 to acquire these digital assets.
“As alleged, Soufiane Oulahyane used a common cybercrime technique to steal victim cryptocurrency and NFTs. ‘Spoofing’ is one of the oldest tricks in the criminal playbook. Oulahyane adapted this old tool for use in a new and developing arena – the crypto space.”
Attorney Damian Williams
Oulahyane lured the victim to the phony OpenSea website using sponsored marketing, claims the indictment, which was written by the US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI).
When the victim typed in the seed phrase on the fake website, it was sent to an email account under Oulahyane’s control, who instantly accessed the victim’s wallet and transferred the NFTs and bitcoins to it. Both the victim and the search engine where Oulahyane placed the advertising are unnamed by the prosecutors.
Cyberattacks are increasing
One of the various social engineering methods used by cybercriminals is spoofing, in which they lure and persuade potential victims to give their passwords, click links, downloaded files, and other sensitive information in order to begin a hostile assault.
A BYAC owner was defrauded of three BYACs worth $570,000 in April 2022 during a switching transaction on the Swap Kiwi platform: BAYC #1584, MAYC #13168, and MAYC #13169. To generate a false BAYC NFTS, the con artist employed checkmarks that had insufficient verification and anti-spoofing characteristics. They were only Jpegs that had been altered.
Millions of dollars’ worth of cryptocurrency were lost due to a security vulnerability on the BNB Chain in October 2022. The network lost 60 ETH due to a new spoofing assault while freezing, recovery, and normalization were still occurring.
