The path of a young Indian hacker from luxury to prison.
Chirag Tomar, 30, an Indian national, pleaded guilty to major fraud involving electronic communications. He was arrested by law enforcement officers at the Atlanta airport on December 20, 2023, as a result of a large-scale investigation conducted by the US Secret Service with the assistance of the FBI in Nashville.
In June 2021, Tomar and his associates created a fake website that visually copied the Coinbase Pro trading platform. To mislead legitimate Coinbase customers, they used the domain "coinbasepro.com", almost identical to the official one.
The phishing resource allowed users to get logins and passwords to log in to the platform, as well as two-factor authentication codes.
At that time, the platform was intended for professional traders and investors working with cryptocurrencies, and had advanced features — real-time order books, detailed charts, and other tools. However, on November 9, 2022, Coinbase Pro officially stopped working, and its capabilities were integrated into the main platform of the exchange.
Having gained access to the accounts, Tomar and his group seized control of the victims ' crypto wallets and transferred the assets belonging to them to their own accounts. Often, the process of embezzlement of funds was accompanied by the use of social engineering methods.
For example, when users logged in, they were shown a fake crash message asking them to call support. Posing as Coinbase employees, the criminals convinced gullible customers to provide them with remote access to computers under the pretext of assistance. Sometimes the victim was forced to dictate a two-factor authentication code over the phone, ostensibly to verify the account.
In one of the scenarios mentioned in the DOJ indictment, a North Carolina victim lost $240,000 as a result of Tomar's actions.
"As Tomar admitted in court today, he controlled numerous cryptocurrency wallets, which collectively received hundreds of transfers with funds stolen from real Coinbase customer accounts, totaling tens of millions of dollars," the court documents note. "After receiving the stolen cryptocurrencies, Tomar promptly converted them into other digital assets or transferred them between countless wallets under his control and those of his accomplices."
According to the investigation, the cryptocurrencies were subsequently cashed out and distributed between Tomar and his accomplices. The investigation found that a significant part of the stolen assets was spent on maintaining a luxurious lifestyle. Among other things, the fraudster bought expensive Rolex watches, luxury Lamborghini and Porsche cars, and also made expensive trips to Dubai and Thailand.
Chirag Tomar is currently charged with committing a felony and could face a maximum sentence of 20 years in prison and a fine of $250,000. The exact dates of the next court hearings and sentencing have not yet been officially announced.
Chirag Tomar, 30, an Indian national, pleaded guilty to major fraud involving electronic communications. He was arrested by law enforcement officers at the Atlanta airport on December 20, 2023, as a result of a large-scale investigation conducted by the US Secret Service with the assistance of the FBI in Nashville.
In June 2021, Tomar and his associates created a fake website that visually copied the Coinbase Pro trading platform. To mislead legitimate Coinbase customers, they used the domain "coinbasepro.com", almost identical to the official one.
The phishing resource allowed users to get logins and passwords to log in to the platform, as well as two-factor authentication codes.
At that time, the platform was intended for professional traders and investors working with cryptocurrencies, and had advanced features — real-time order books, detailed charts, and other tools. However, on November 9, 2022, Coinbase Pro officially stopped working, and its capabilities were integrated into the main platform of the exchange.
Having gained access to the accounts, Tomar and his group seized control of the victims ' crypto wallets and transferred the assets belonging to them to their own accounts. Often, the process of embezzlement of funds was accompanied by the use of social engineering methods.
For example, when users logged in, they were shown a fake crash message asking them to call support. Posing as Coinbase employees, the criminals convinced gullible customers to provide them with remote access to computers under the pretext of assistance. Sometimes the victim was forced to dictate a two-factor authentication code over the phone, ostensibly to verify the account.
In one of the scenarios mentioned in the DOJ indictment, a North Carolina victim lost $240,000 as a result of Tomar's actions.
"As Tomar admitted in court today, he controlled numerous cryptocurrency wallets, which collectively received hundreds of transfers with funds stolen from real Coinbase customer accounts, totaling tens of millions of dollars," the court documents note. "After receiving the stolen cryptocurrencies, Tomar promptly converted them into other digital assets or transferred them between countless wallets under his control and those of his accomplices."
According to the investigation, the cryptocurrencies were subsequently cashed out and distributed between Tomar and his accomplices. The investigation found that a significant part of the stolen assets was spent on maintaining a luxurious lifestyle. Among other things, the fraudster bought expensive Rolex watches, luxury Lamborghini and Porsche cars, and also made expensive trips to Dubai and Thailand.
Chirag Tomar is currently charged with committing a felony and could face a maximum sentence of 20 years in prison and a fine of $250,000. The exact dates of the next court hearings and sentencing have not yet been officially announced.
