US prosecutors have filed charges against Soufiance Oulahya, a Moroccan citizen currently in custody, for allegedly stealing cryptocurrencies and non-fungible tokens (NFTs) with a total value of $450,000 from a victim in Manhattan. Oulahya is accused of creating a fake OpenSea marketplace in 2021 to carry out the theft.
According to the United States Attorney’s Office Southern District of New York, Oulahya unlawfully obtained the victim’s seed phrase through spoofing techniques and used it to gain access to their collection of digital art. The defendant stole four NFTs from the victim’s OpenSea account, including assets from Bored Ape Yacht Club, Meebit, Bored Ape Kennel Club, and Crypto Dad series. Additionally, Oulahya also stole cryptocurrencies from the victim’s compromised wallet. The indictment reveals that the victim had paid approximately $448,923 to acquire these digital assets.
The Use of Spoofing
Attorney Damian Williams emphasized that Oulahya employed a common cybercrime technique known as “spoofing” to carry out the theft. Spoofing, a well-known trick in the criminal world, involves creating deception by imitating a legitimate entity. In this case, Oulahya adapted this technique to the crypto space, exploiting it for his illicit activities. The defendant utilized paid advertisements on a popular search engine to lure the victim into accessing the spoofed OpenSea website. Once the victim entered their seed phrase on the fake site, it was immediately transferred to an email address controlled by Oulahya. This allowed him to gain access to the victim’s wallet and transfer the stolen NFTs and cryptocurrencies to his own wallet.
The Dangers of Spoofing
Spoofing is just one of many social engineering techniques employed by cybercriminals to deceive and manipulate potential victims. Through enticing tactics, such as fake websites or advertisements, criminals aim to trick individuals into revealing sensitive information like passwords or downloading harmful attachments. The indictment does not disclose the name of the victim or specify which search engine Oulahya utilized for the fraudulent advertisement.
This case of theft through spoofing is not an isolated incident. In April 2022, an owner of assets from the Bored Ape Yacht Club fell victim to a scam on the Swap Kiwi platform, resulting in the loss of assets worth $570,000. The scammer exploited weak verification and anti-spoofing measures, creating counterfeit Bored Ape Yacht Club NFTs that were merely manipulated images. Another incident occurred in October 2022 when the BNB Chain experienced a security breach, leading to the compromise of cryptocurrencies worth millions of dollars. While efforts were underway to freeze, recover, and normalize the situation, a fresh spoofing attack caused the network to suffer a loss of 60 ETH.
The charges against Soufiance Oulahya highlight the continued prevalence of cybercrime in the cryptocurrency and NFT space. This case serves as a reminder for individuals to remain vigilant and exercise caution when engaging in online transactions involving valuable digital assets.