Indian national pleads guilty to wire fraud conspiracy for stealing over $37 million by spoofing Coinbase’s website

- ADVERTISEMENT -

Chirag Tomar, 30, a citizen of India, appeared before U.S. Magistrate Judge Susan C. Rodriguez May 20, 2024, and pleaded guilty to federal charges for stealing more than $37 million through a spoofing scheme of the Coinbase website.

Tomar was arrested at the Atlanta airport on Dec. 20, 2023, upon entering the United States, and remains in federal custody. The guilty plea for wire fraud conspiracy carries a maximum sentence of 20 years in prison and a $250,000 fine. A sentencing date has not been set, a press release from the U.S. Attorney’s Office, Western District of North Carolina, said.

According to court documents, Tomar used the victims’ funds to pay for his lavish lifestyle, including to purchase a Rolex and other expensive watches, to buy luxury vehicles like Lamborghinis and Porsches, and to make trips to Dubai, Thailand and elsewhere.

According to filed court documents quoted from in the press release, and the plea hearing, in or about June 2021, Tomar and his co-conspirators engaged in a scheme to steal millions in cryptocurrency from hundreds of victims located worldwide and in the United States, including in the Western District of North Carolina. Tomar and his co-conspirators executed the fraud by “spoofing” the Coinbase website. Coinbase is one of the largest virtual currency exchanges in the world, that allows customers to buy, sell or trade cryptocurrencies. Coinbase users can also store their cryptocurrencies in their virtual exchange wallets. Upon logging in, users are able to quickly access their wallets and transfer the cryptocurrencies to other wallets or other outside linked accounts. Coinbase operated a “Pro” version of its exchange, which was found at the URL “Pro.Coinbase.Com.”

According to court documents Tomar and his co-conspirators spoofed the Coinbase Pro website by using a similar fake URL, CoinbasePro.Com. In order to deceive unsuspecting users into believing they were accessing the legitimate Coinbase webpage, the fraudulent website was crafted to mimic the authentic website. Once victims entered their login credentials into the fake website, an authentication process was triggered. In some instances, victims were tricked into providing their login and authentication information of the real Coinbase website to fraudsters. Other times, victims were tricked into allowing fake Coinbase representatives into executing remote desktop software, which enabled fraudsters to gain control of victims’ computers and access their legitimate Coinbase accounts. The fraudsters also impersonated Coinbase customer service representatives and tricked the users into providing their two-factor authentication codes to the fraudsters over the phone. Once the fraudsters gained access to the victims’ Coinbase accounts, the fraudsters quickly transferred the victims’ Coinbase cryptocurrency holdings to cryptocurrency wallets under the fraudsters’ control.

In February 2022, a victim located in the Western District of North Carolina attempted to log into his Coinbase account through the fraudulent website. The spoof website immediately notified the victim that his account was locked and prompted the victim to use a number provided to call a fake Coinbase representative. The fake representative tricked the victim into providing his two-factor authentication information, ultimately gaining access into the victim’s real Coinbase account. Using the information, fraudsters stole cryptocurrency from the victim’s Coinbase wallet worth over $240,000.

As Tomar admitted in court May 20, Tomar controlled several cryptocurrency wallets that received hundreds of transactions of cryptocurrency stolen from victim accounts at Coinbase, totaling tens of millions of dollars. After Tomar received the stolen cryptocurrency, he would quickly convert it to other forms of cryptocurrency or move the funds amongst many wallets controlled by Tomar and others. Ultimately, the cryptocurrency was converted into cash which was then distributed to Tomar and his co-conspirators.