The Spanish Civil Guard arrested five people suspected of stealing about six million euro (US$6.67 million) from a Spanish company dedicated to storing the crypto assets of its clients. The theft was made possible when the computer of one of the company’s employees got infected with a virus after he downloaded a movie from a pirate website.
Thousands of investors lost their crypto assets in the 2020 attack that occurred six months after the movie files containing a highly sophisticated virus were downloaded, allowing the cybercriminal group to gain complete control of the employee’s computer and use it to access the company’s work environment.
In the summer of 2020, when the criminal group already knew all the procedures, characteristics, and structure of the company, it issued the cryptocurrency transaction order worth six million euros.
The stolen funds were transferred to wallets controlled by the attackers and left to sit there for half a year before they were transferred to at least four people who were apparently not related to each other.
In late 2021, police arrested the four in Tenerife, Bilbao, and Barcelona and seized their computers, as well as 900,000 euros ($1 million) related to the theft.
Data extracted from the seized computers led investigators to a fifth person who received half a million euro in cryptocurrency. The Civil Guard said that the ringleader controlled the material author of the hacking through a mind-altering drug extracted from the poison of the bufo toad.
According to The News 24, four of the suspects are Spanish, and one is from Eastern Europe. The news outlet also claimed that 1.4 million euros ($1.56 million) of the stolen cryptocurrencies have been recovered.
“A key factor for the resolution of the case has been the full willingness of the victims and the collaboration of the private cybersecurity sector,” Spanish Civil Guard said on Twitter.