The former CEO of an emerging crypto project lost $450,000 to his “best friend” simply by connecting to his WiFi network. This was part of an emerging trend called a “Proximity Breach,” noted by anti-money laundering firm AMLBot.
Tom, whose full identity must remain hidden due to AMLBot’s investigation policy, left a crypto company and sold his stake for $500,000. This represented most of his net worth as he moved from Europe to a country in Asia. During his time living in the new country he became close friends with a well-known local over a year and a half.
One night, Tom was caught in a rainstorm that caused water damage to his phone. Once he managed to get his phone working again and re-entered his seed phrase, he realized that his life savings were gone.
“I come from a non-drinking family and I decided that day that I was going to start drinking. And I was drinking heavily for like, a week and a half,” Tom told Decrypt on a video call. “I was asking ChatGPT about fucking ways to make money because I wasn’t planning on doing any work.”
Tom spoke to the local who had become his best friend. He recalled him saying: “Oh no, I can’t believe that would happen to you. Keep me updated on the story.” At the same time, the best friend was trying to rent one of his properties to the former CEO while pretending to have no clue about the exploit.
Tom made contact with AMLBot because he wanted help recovering his crypto funds. Fortunately, the firm was able to quickly track the funds back to a Binance account. AMLBot contacted the centralized exchange to freeze the funds and hand over details about the case.
Binance does not reveal the identity of the account or the size of the frozen assets in cases like this. Instead, Tom and AMLBot had to figure that out together by walking through the days leading up to the exploit. From this investigation, the firm determined that Tom’s best friend compromised the former CEO’s device by getting Tom to connect to his WiFi network.
This is part of a rising trend called a “proximity breach” scam. AMLBot claims to have recorded seven cases that fall under this category over the past three months. This includes 13 Bitcoin (BTC) being stolen by a victim’s girlfriend and $300,000 being swiped by a victim’s brother.
Pig Butcher scams, by contrast, require an individual to make contact with someone and form a relationship with them with the sole intention of scamming. With a Proximity Breach, scammers simply take advantage of someone who is close to them.
Fortunately for Tom, his attacker didn’t hide their tracks very well, but that isn’t always the case.
Bubblemaps told Decrypt that if the attacker had used a coin mixer, which obfuscates the sender and receiver of crypto tokens, AMLBot would likely not have been able to track the funds. Equally, certain centralized exchanges have become popular among scammers as they do not cooperate with firms such as AMLBot.
Before AMLBot takes on a case, they conduct a pre-assessment to decide if they can help the victim. Factors like the victim being in a sanctioned jurisdiction, their local law enforcement being historically difficult to deal with, or the stolen funds being swapped to privacy coins would mean the firm wouldn’t take on the case. Once AMLBot takes on a case, it claims to have a success rate ranging from 60-75% depending on how quickly the victim contacts the firm.
“Unfortunately, in this profession, we come across at least 10 victims every day,” Jain told Decrypt. “Sometimes the funds are swapped to privacy coins. Sometimes they are taken to privacy protocols,” adding, “even if we have the best of intentions, even if we want to help, sometimes we just cannot.”
AMLBot refused to give details about how this occurred due to fears the exploit will grow in popularity. On-chain analytics company Bubblemaps confirmed to Decrypt this is possible in a variety of ways. The exploit likely gave the attacker control of the actual device, they said, rather than access to Tom’s data.
Aside from the usual security measures such as using two-factor authentication, AMLBot recommends that you never access crypto sites or wallets using a public WiFi network. On top of this, the firm recommends enabling notifications for when transactions take place on your account so you can be alerted as soon as possible.
After the firm felt confident that the CEO’s best friend had robbed him, it used a fake account to make contact with the scammer on Facebook.
“He was actually a real estate consultant. So I told him I was looking to invest in real estate,” Anmol Jain, AMLBot lead investigator for the case, told Decrypt. Jain eventually got the scammer’s Telegram account, where he applied pressure, threatening to go to the police if he didn’t comply.
“[Eventually] I told him I was actually an investigator with AMLBot and we know what you did to your friend Tom,” Jain explained. “Because Binance made that block, he was also aware that action was being taken; he was already scared. So when he found out that we understood that it was him, he cracked in, I think, 15 to 20 minutes.”
Now a month later, $380,000 has been returned to Tom; the scammer had already spent the rest of the money. Tom has reached a settlement to be paid the final $70,000 over the coming months.
“He said that greed just overcame him. He just lost control,” Tom told Decrypt. “It’s the first time anyone’s ever robbed anything from me that isn’t a lighter. I’m just very surprised.”
Edited by Stacy Elliott.