Here’s how FBI tracked a Sony employee who stole $154 million worth of Bitcoins
The United States Department of Justice returned $154 million worth of Bitcoins purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, in what’s being called a textbook business email compromise (BEC) attack. A BEC is an exploit in which an attacker obtains access to a business email account and imitates the owner’s identity, in order to defraud the company and its employees.
According to the US Department of Justice, a SONY employee allegedly stole funds from the company in May and converted it to more than 3,879 Bitcoins. Those funds were seized by law enforcement on December 1, based on the Federal Bureau of Investigation’s (FBI) probe.
The accused has been identified as Rei Ishii, who allegedly falsified transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California. Ishii then quickly converted the funds to Bitcoin cryptocurrency.
FBI was able to trace Bitcoin transfers and identify that 3,879.16 Bitcoins, representing the proceeds of the funds stolen from the company had been transferred to a specific Bitcoin address and then to an offline cryptocurrency cold wallet.
“As a result of this coordinated effort from Sony and Citibank, continued to investigate in cooperation with Japan’s National Police Agency, the Tokyo Metropolitan Police Department, Tokyo District Public Prosecutors Office, and JPEC (Japan Prosecutors unit on Emerging Crimes), investigators obtained the “private key” – the rough equivalent of a password – needed to access the Bitcoin address,” the US department said in a press release.
Meanwhile, all the Bitcoins traceable to the theft have been recovered and fully preserved. Ishii has been criminally charged in Japan.
“It is our intent to return the stolen money to the victim of this audacious theft, and today’s action helps us do that,” said Acting U.S. Attorney Randy Grossman. “This case is an example of amazing work by FBI agents and Japanese law enforcement, who teamed up to track this virtual cash. Criminals should take note: You cannot rely on cyptocurrency to hide your ill-gotten gains from law enforcement. The United States coordinates extensively with its international partners to forestall crime and retrieve stolen funds.”
“The FBI was able to recover these stolen funds for two very important reasons,” said FBI Special Agent in Charge Suzanne Turner. “First, Sony and Citibank immediately contacted and cooperated with law enforcement as soon as the theft was detected, and the FBI worked in partnership with both to locate the funds. Second, the FBI’s footprint internationally through our Legal Attaché offices and the pre-existing relationships we have established in foreign countries – in this instance with Japan – enabled law enforcement to coordinate and identify the subject. The FBI’s technical expertise was able to trace the money to the subject’s crypto wallet and seize those funds.”