$46 000 000 USD

FEBRUARY 2020

UNITED STATES

UNKNOWN

DESCRIPTION OF EVENTS

"According to various interviews and profiles, in 1996 [Josh] Jones co-founded DreamHost, a successful web hosting provider, with three fellow undergraduate classmates at Harvey Mudd College, a private college in California. In 2013, he sold his shares in that company, but has been involved in numerous other ventures."

 

"In 2010 he became one of the earliest investors in Bitcoin and has since amassed a fortune in the cryptocurrency. Other projects include starting an e-publishing business for children’s books, a California-based accelerator and an investment firm. The Bitcoin theft does not appear to have slowed his acquisitions — he recently bought an airline and has a production company that bought the animation rights to the long-running comic Groo the Wanderer."

 

"In a recent interview on the podcast LA Venture he’s dubbed the “richest, goofiest, most confident yet normal-seeming person.”"

 

"In the 31-minute episode he explains his “irrational self-confidence” that has led him to invest in companies or ideas that others view as too risky. He almost always believes he’s right, despite naysayers."

 

“Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,” he says, recalling back to 2010 when he started mining Bitcoin."

 

"Josh Jones lost $46 million worth in Bitcoin when he was targeted in the SIM swap attack in February 2020, The Spectator has confirmed with multiple sources." "The person carrying out the attack initially gathers as much personal data available to them online to build a picture of their target. With the information to hand, the hacker then tricks the target's mobile phone provider into switching their number over to a SIM car controlled by the attacker."

 

"According to police, in February of 2020, the suspect—whose name is not being released—hijacked the victim’s phone by manipulating cellular network employees and intercepting two-factor authorization requests. This gave the suspect access to cryptocurrency stored on a wallet in the victim’s phone." The "17-year-old Hamilton boy" "is accused of orchestrating a SIM swap attack to steal $46M in cryptocurrency from a person in the United States."

 

"Jones first reported the theft to the Los Angeles FBI, who then brought in other U.S. and Canadian agencies as the investigation grew." "The Santa Clara County District Attorney’s Office, in the San Francisco Bay Area, confirmed it became involved after its specialized tech-crime team received tips after news of the theft spread in cryptocurrency circles."

 

"Hamilton Police began the investigation in March of 2020 and worked with the Federal Bureau of Investigations and the United States Secret Service Electronic Crimes Task Force."

 

"Rumours about the theft had been circulating online since early 2020 after someone — suspected but not confirmed to be Jones — posted about it on Reddit. That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone."

 

Police explained in a press release that a swap attack is a “method hijacking valuable accounts by manipulating cellular network employees to duplicate phone numbers so threat actors can intercept two-factor authorization requests.”

 

“The joint investigation revealed that some of the stolen cryptocurrency was used to purchase an online username that was considered to be rare in the gaming community,.”

 

“This transaction led investigators to uncover the account holder of the rare username.”

 

"The suspect was tracked down and arrested for theft over $5,000.00 and possession of property or proceeds of property obtained by crime. This matter is before the courts."

 

"Hamilton police announced the arrest on Wednesday after a joint investigation with the Federal Bureau of Investigations (FBI) and the United States Secret Service Electronic Crimes Task Force that began in March 2020."

 

"According to police, the victim had been targeted by a SIM swap attack, a method of manipulating cellular network carriers so scammers can intercept two-factor authentication requests."

 

“This is currently the biggest cryptocurrency theft reported from one person,” Hamilton Police said in the press release.

 

"Det. Const. Kenneth Kirkpatrick told CTV News Toronto that two-factor authentication is key in protecting your investments and funds." "He added that using different passwords for different websites and applications was also crucial."

 

"Jones has never commented on the theft, including in recent interviews he’s given about his work and investments. He could not be reached for comment."

Josh Jones left his funds on an exchange platform, secured through a two-factor authentication on a cell phone. The cell phone carrier was tricked into swapping the phone to another one by a 17 year old teen in Hamilton. Authorities eventually determined who the teen was when he (without employing any sort of privacy methods) spent some coins to buy a username for a video game. He's been arrested and convicted. There is no word on what Josh Jones recovered.

HOW COULD THIS HAVE BEEN PREVENTED?

Cell phone providers are not generally very secure, and can often be used to get back into email or reset passwords. It's not really two-factor if the single factor (your phone number) can be used to recover or bypass all the other factors. You need to use a device which is physically different for the second factor. It's a good idea to have as many factors as a platform will let you, and platforms should allow for more than just two factors.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.