Two people have been arrested so far in relation to the operation, a computer programmer and his employer, according to a local report. It is alleged that the programmer, a 42-year-old office worker, was hired by the mastermind of the operation to replicate a Ripple exchange website. The mastermind then spoofed or impersonated the real exchange’s email account and contacted users saying their funds had been frozen.
The email contained a link to the fake website, where 24 Korean investors and 37 Japanese investors were convinced to enter their login details which were then recorded by the scammer and used to gain access to user funds on the real exchange site. While the scam exclusively targeted Korean and Japanese citizens, the FBI may have gotten involved last December due to the fact that Ripple is an American company.
Local media outlet JoonAng Ilbo reports that the lead scammer transferred the stolen XRP into the local fiat currency, the Korean won, and used the funds on to pay for five-star accommodation in a high-end apartment complex as well as other luxury items and services.
Supposedly the mastermind behind the operation became involved in phishing after he himself fell victim to an exchange hack in 2014, losing all of his investment. After the investigation failed to yield any results and the hackers got away, he was inspired to carry out similar crimes of his own.
As well as contracting the programmer, he also liaised with another accomplice, a Japanese cryptocurrency exchange operator who provided him with the user data (email accounts, affiliated exchanges, and 2FA status) needed to amass a list of potential targets. The Japanese accomplice is still at large and believed to be in Japan at this time – Seoul’s cybercrime division say they are reaching out to Japanese authorities for collaboration…