INTERPOL has just announced the recovery of $41 million in crypto, the highest-ever intercepted money in a business email compromise (BEC) scam in Singapore. The global police organization was able to recover a nearly full amount using the all-important “global stop-payment mechanism,” which played a crucial role in the successful recovery. The scam targeted a commodities firm, which was deceived into transferring $42.3 million to a fraudulent account, but swift actions and international cooperation enabled the recovery of most of the crypto scam funds along with the arrest of seven individuals.
Key Insights
- INTERPOL recovered $41 million in a BEC crypto scam in Singapore.
- The scam involved a Singaporean commodities firm and occurred in mid-July 2024.
- The firm transferred $42.3 million to a fraudulent account in Timor-Leste on July 19, 2024.
- The scam was discovered on July 23, 2024, and reported to authorities.
- Singaporean authorities used the I-GRIP system to trace and freeze $39 million in less than 24 hours.
- Seven suspects were arrested in Southeast Asia, leading to the recovery of an additional $2 million.
- The I-GRIP mechanism has intercepted hundreds of millions of dollars in illicit funds since its launch in 2022.
- Cryptonator, a digital wallet and cryptocurrency exchange, was seized for involvement in criminal activities.
- TRM Labs found that Cryptonator facilitated over 4 million transactions worth $1.4 billion.
Singaporean Firm Scammed for $42.3M
The incident reportedly occurred in mid-July 2024 at a commodities firm based in Singapore that fell victim to a BEC scam. BEC is a type of cybercrime scam where the attacker gains impersonation access to an individual or other organizational trusts and then, while incognito, seeks to deceive targets, in the conduction of their duties, to send money or sensitive information in contravention of normal behavior, usually accomplished through email. The attackers usually compromise the email account of finance personnel or the server of a legal firm to send false invoices or email crypto scam bills.
“Scams are a global threat that requires a global response from law enforcement. Today, money moves at the click of a button, and law enforcement must be able to move as fast to protect our citizens.” – David Chew, Director of the Singapore Police Force’s Commercial Affairs Department
On July 15, the Singaporean company received an email from an email account owned by the supplier, requesting that payment previously made by the company be made to a new account at a bank in Timor-Leste.
That email to the Singaporean company was sent from a bogus email account, the address of which was very similar to the one belonging to the supplier. Not suspecting that it had been scammed, the firm remitted $42.3 million to the fraudster’s account on July 19. The fraud was detected on July 23 when one of the company’s real suppliers said they hadn’t been paid.
When the firm realized it was cheated on July 23, it immediately reported the matter to the authorities. Singaporean authorities used a system known as I-GRIP to move fast, tracing and freezing $39 million in the fraudulent account in less than 24 hours. This successful action simply reflected the effectiveness of I-GRIP in tracing and ceasing money flows of illicit funds across international borders.
The scam investigation led to the recovery of a huge amount of money and the arrest of seven individuals in Southeast Asia. These suspects are believed to have formed part of a larger network conducting similar scams. These suspects, in addition to enabling the recovery of a further US$2 million, disrupted the operations of another far-flung criminal syndicate involved in other scams.
“We commend the swift and decisive action of INTERPOL’s Financial Crime and Anti-Corruption Centre, which played a pivotal role in the prompt interception of more than USD 40 million.” – David Chew
Cryptonator Seized for Criminal Activities
Since 2022, when it first launched, the I-GRIP mechanism has managed to intercept hundreds of millions of dollars in illicit funds. In June alone, the system enabled the recovery of funds from various fiat and cryptocurrency scams and crimes during a global police operation called Operation First Light, intercepting hundreds of thousands of BEC accounts.
INTERPOL emphasized the critical need for preventive measures to avoid these traps that are BEC and other social engineering frauds. The organization, therefore advances awareness and efforts from businesses as well as individuals in a proactive manner.
In a related development, Cryptonator, an Internet-based digital wallet and cryptocurrency exchange, has been determined to receive proceeds from computer intrusions, hacking incidents, ransomware scams, fraud markets, and identity theft schemes. Law enforcement agencies seized Cryptonator and all its properties. Cryptonator, launched in December 2013 by Roman Boss, was found to have inadequate anti-money laundering controls in place. Nowhere is this more clear than in the case of Cryptonator. Specifically, charging documents were filed against Cryptonator founder Roman Boss.
Timeline of a scam
| 15 July | Singapore firm receives scam email from fake supplier |
| 19 July | Firm transfers USD 42.3 million to the fake supplier via a bank account in Timor Leste |
| 23 July | Firm discovers the fraud after genuine supplier reports not being paid and files police report in Singapore; Singapore Police Force reaches out to INTERPOL |
| 24 July | Singapore receives confirmation via INTERPOL that more than USD 39 million was intercepted thanks to cooperation with Timor Leste authorities |
| 24-26 July | Timor Leste authorities arrest several suspects and recover additional USD 2 million from crypto scams |
TRM Labs Uncovers Extensive Fraud Operations via Cryptonator
Blockchain intelligence firm TRM Labs found that Cryptonator engaged in 4 million transactions worth $1.4 billion, spewing Boss that was entitled to a small share of the revenue generated from the transactions. The platform was also used for shady activities in transactions with the darknet markets, high-risk exchanges, scam wallet addresses, mixers, sanctioned addresses, ransomware groups, and crypto theft operations. For example, Cryptonator conducted transactions with marketplaces operated by bad actors like Bitzlato, Blender, Finiko, Garantex, Hydra, and Nobitex.
These platforms are known for their involvement in money laundering, Ponzi schemes, darknet market sales, and other illicit activities. Blockchain intelligence firm TRM Labs revealed that Cryptonator conducted over 4 million transactions worth $1.4 billion, with its founder, Roman Boss, profiting from these dealings. The seizure of Cryptonator and Boss’s indictment underscore the platform’s significant role in enabling and laundering funds for cybercriminal networks.
According to TRM Labs, the platform attracted hackers, other threat actors, darknet market commanders, ransomware groups, and evaders of sanctions who would move crypto scam funds around and cash it out in fiat through Cryptonator.
The fraud in this landscape of the rise of cryptocurrency is that fraudsters are continuously reinventing ways to exploit individuals. In one recent study, Check Point laid out how good actors could be manipulating protocols like Uniswap and Safe. global, designed to operate on top of a blockchain to help hide such operations and siphon the contents of cryptocurrency wallets. In these recent incidents, those attackers have been found to be using the Uniswap Multicall contract and Gnosis Safe contracts to carry out these fraudulent fund transfers from the wallet of a would-be victim.
The Biggest of its Kind
As cryptocurrency fraud evolves, it needs constant vigilance and strong security measures. This includes regular security audits, advanced authentication methods like multi-factor authentication, ongoing education and awareness about phishing schemes, secure storage solutions such as hardware wallets, strict adherence to anti-money laundering (AML) and know-your-customer (KYC) regulations, and comprehensive incident response plans. By proactively enhancing these security practices, the cryptocurrency community can better protect itself against the ever-changing landscape of digital fraud.
“Speed is crucial to successfully intercepting the proceeds of online scams, with police, financial intelligence units, and banks cooperating across multiple jurisdictions in a race against time…The cooperation between authorities in Singapore and Timor Leste in this case was exemplary and demonstrates how quick action through INTERPOL can help recover funds taken from the fraud victims and identify the perpetrators.” – Isaac Oginni, Director of INTERPOL’s IFCACC
This reflects the absolute necessity of INTERPOL’s mechanism I-GRIP in fighting cybercrime, especially in consideration of the latest news regarding the recovery of $41 million in the largest BEC scam in Singapore. Here is something that strikes one: strong security measures and international cooperation are extremely needed in fighting intricate financial fraud. It seems that cyber threats are getting more and more complex every day and are being run repetitively, which is an impetus to vigilance by all concerned individuals and organizations for instituting security strategies.
Prevention from these types of scams and ensuring a secure digital landscape demand proactive measures, continuous education, and global cooperation. This case should act as a strong reminder that anyone can be the next victim, and preparation is always the best defense against the ever-changing tactics of cybercriminals.