ED seizes Rs 21.71 crore in Coinbase phishing scam

The Enforcement Directorate (ED) has attached assets worth Rs 21.71 crore linked to an Indian national arrested by US authorities for orchestrating a sophisticated cryptocurrency phishing operation that defrauded victims of over USD 20 million. Chirag Tomar, who is currently in custody in the US, was apprehended by US authorities in December 2023 while attempting to enter the country. His arrest back then had led an probe by ED to trace the proceeds of crime back to India. Tomar was arrested in US for stealing more than USD 20 million through use of fake or spoofed websites mimicking the cryptocurrency exchange website Coinbase. The ED has attached assets valued at Rs. 21.71 crore belonging to Chirag Tomar, his family members, and his associates named Rahul Anand, Akash Vaish and Piyush Prashar. The attached assets include nine immovable properties in Delhi. The probe revealed that the trusted websites were manipulated through search engine optimisation tools so that when the website is searched, the spoofed website would appear at the top. The spoofed website appeared to be the same as the trusted website except for the contact details. When the users would enter the login credentials, the spoofed website would show it wrong. Therefore, the users would contact the number given in the spoofed website which would eventually connect them to the calls managed by Tomar and his associates. Once the fraudsters gained access to the victims accounts, the fraudsters quickly transferred the victims cryptocurrency holdings to crypto currency wallets under their control. The stolen crypto currency would then be sold on various P2P crypto platforms and converted to Indian rupees. Subsequently the money was transferred in the bank accounts of Tomar, his family members and his associates accounts and used to buy immovable properties. The agency has cautioned Indian citizens to remain vigilant against phishing scams and fraudulent communications. Such scams aim to steal personal and financial information through fake websites, emails, messages or calls. The agency said that spoofed web address looks similar to an official site but contains extra letters, symbols, or spelling errors. Legitimate websites use secure connections (https://) and spoofed sites often use http:// or show Not Secure. Fake sites may have low-quality images, blurry logos, mismatched fonts, or irregular page layouts. Pop-ups asking you to download software, share information, or click on links are a red flag. Official websites never ask for passwords, OTPs, bank details, or Aadhaar numbers through pop-up forms or emails. Internal links on the website does not work, or some pages redirect to unrelated or suspicious sites. Offers or claims that seem unusually generous or urgent (e.g., Get free benefits or Claim now or Get High Returns) are common phishing tactics. The total attachment in the case so far stands at Rs. 64.15 crore, the agency said.