Cyber cops trace $14M stolen from Cayman victim in ‘inside job’ crypto heist

More than US$14 million of crypto tokens stolen from a Cayman Islands company have been identified and traced by financial investigators.

Evidence points to the hack being an ‘inside job’ executed by a disgruntled former contractor of the Cayman-based Holograph Foundation, investigators said.

The suspect, a Ukrainian national, was one of two people, both aged 30, who were arrested in Italy last year. The pair have been extradited to France, where the suspect is a resident and from where the alleged hack was carried out. The French criminal prosecution continues with the suspects due to face trial later this year

The Cayman Islands Bureau of Financial Investigation, meanwhile, has traced and restored a large proportion of the funds to the victim company. The digital tokens were valued at US$14.4 million at the time of the hack last year. However, the value of the tokens plummeted following news of the crime.

Should the suspects be convicted in the French courts, they will likely be required to give up further funds as part of a ‘post-conviction asset forfeiture’ proceeding.

The arrests and recovery follow an investigation involving France’s Office for the Prevention of Cybercrime, Europol, the Italian Directorate of Anti-Mafia Investigations and the Royal Cayman Islands Police Service.

Victoria Templeman, head of the Cayman bureau, said the case was another example of Cayman’s growing ability to play a pivotal role in complex cross-border investigations with a nexus to the islands.

In this case, she said, French and Italian authorities had led the criminal investigation based on intelligence and evidence provided by Cayman, because the suspects were residents there and the crime had been committed in Europe.

Cayman police led the crypto asset recovery because the victim is based on island.

‘Back-door’ hack

The hack, carried out last June, involved a sophisticated attack on the blockchain tokenisation platform. A “malicious actor” exploited the protocol’s operator contract, using a “back door” left in the code to mint 1 billion native Holograph tokens valued at US$14.4 million at the time of the hack.

As well as the impact of the lost funds, the hack caused the value of the tokens to plummet by more than 80%.

Templeman said the bureau had worked with the victim and with authorities in Europe to track and recover the funds.

“This was a case involving a former contracted developer, who deliberately left a back door in the protocol and stole approximately $14 million worth of crypto tokens from the Cayman company,” she said.

“This affected share prices, confidence in the token and potentially the ability for the project to successfully continue.”

Tracking the suspects

“We established that the main suspect’s last known address was in Paris, he had committed the crime whilst in France, and that he is a Ukrainian national,” Templeman said.

“Through various social media posts made by his Russian girlfriend, who is a model and influencer, we were also able to track the location of the main suspect and his friends as they enjoyed the spoils around the hotspots of Europe.”

The information, including details of private helicopter transfers and rented luxury villas, was shared with European investigators who traced the suspects to Italy’s Amalfi coast where they were arrested and flown to France to face charges.

“That’s an ongoing criminal prosecution, but we continue to trace the proceeds of the hack and we are in the process of returning that to the victim,” Templeman said.

The bureau and Cayman’s police force in general have had to move with the times, increasing their expertise and technical know-how to deal with an ever more complex range of threats.

Julie Benoit, head of the cyber-investigations unit with France’s anti-cyber crime office, told Le Parisien newspaper the crypto attack was a sophisticated theft by an “organised gang” that relied on prior knowledge and advance planning involving a former contractor.

“We’re not talking about a computer attack,” she emphasised.

Benoit talked up the international collaboration that resulted in the arrests of two individuals in Italy and the recovery of much of the funds.

“This is an extraordinary case; 80% of the billion stolen digital tokens have already been located and frozen. We managed to reduce the initial damage to society,” she told the newspaper, highlighting how the impact of the crime spread to peripheral victims and investors whose tokens lost value as a result of the hack.