
A Man Sued Young Hackers' Parents After He Lost 16 Bitcoins

08/09/2021

His name is Andrew Schober.

It all began in 2018, when the man was investing heavily in cryptocurrencies, putting in 95% of his net worth. Schober did this with high hopes, planning to later sell the coins to buy a home and support his family.

But unfortunately for him, Schober was robbed.

As first reported by Krebs on Security, this happened after he downloaded an app called 'Electrum Atom' from a link he found on Reddit.

He thought he had downloaded a Bitcoin wallet; instead, he had downloaded malware that allowed hackers to steal his 16.4552 Bitcoins. The hackers managed to do this when Schober tried moving some of his tokens.

At the time, they were worth nearly $200,000. Now, they're worth more than $750,000.

Schober was depressed. But he didn't stop there, as he swore that one day he would catch the thieves.

Credit: Complaint, Schober v. Thompson, et al.

Schober then led a private investigation by hiring experts to trace the flow of the cryptocurrency from his addresses to accounts controlled by the hackers.

Eventually, after spending more than $10,000, Schober believed he had found the thieves.

He managed to find the hackers after his investigation found that the wallet app he downloaded had planted malware in his computer's Java libraries. The malware stayed active and monitored Schober's activity, waiting for him to copy a Bitcoin address. When Schober copied his Bitcoin address, the malware swiftly replaced the address on his computer's clipboard with one controlled by the hackers.

Because of this, when Schober pasted, it was not his address that was pasted.

The hackers' addresses were stored inside the malware's code, and in his investigation, it was revealed that there were at least 195,000 accounts that the hackers controlled.

At that time, Schober wanted to transfer Bitcoins from one of his addresses to another. But since the malware swapped his Bitcoin address to the one controlled by the hackers, he inadvertently sent the cryptocurrency to the hackers.
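A defensive triage check built on the detail above that the attackers' addresses were stored inside the malware's code (an added example, not taken from the complaint or the original report): it counts checksum-valid legacy Bitcoin addresses in a file's bytes and flags files that carry unusually many. The function names, the threshold of 20 and the sample data are assumptions, and the input is assumed to be already unpacked (for example, files extracted from an archive).

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate legacy (Base58Check) addresses: 26-35 Base58 chars starting with 1 or 3.
CANDIDATE = re.compile(rb"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload):
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Encode version byte + 20-byte hash; used here only to build sample data."""
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(text):
    """True only if the string decodes to 25 bytes with a correct checksum."""
    n = 0
    for ch in text:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(text) - len(text.lstrip("1"))  # leading '1's encode zero bytes
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == checksum(raw[:-4])

def embedded_addresses(blob):
    """Distinct checksum-valid addresses found in a file's raw bytes."""
    hits = (m.group().decode("ascii") for m in CANDIDATE.finditer(blob))
    return {a for a in hits if is_valid_address(a)}

def looks_like_clipper_payload(blob, threshold=20):
    """Flag files carrying many hardcoded addresses (threshold is an assumption)."""
    return len(embedded_addresses(blob)) >= threshold

def constructed_sample(count):
    """Constructed test input: `count` synthetic addresses separated by junk bytes."""
    addrs = [b58check_encode(b"\0" + hashlib.sha256(bytes([i])).digest()[:20])
             for i in range(count)]
    return b"\x00junk\x00".join(a.encode() for a in addrs)

if __name__ == "__main__":
    blob = constructed_sample(50)
    print(len(embedded_addresses(blob)), looks_like_clipper_payload(blob))
```

The check covers only Base58Check addresses stored as plain text; bech32 addresses and encoded or encrypted address lists need separate handling.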

His investigation found that one of the hackers posed as Schober, and posted a question on GitHub about how to obtain a private key to Schober's account. It was revealed that the alleged hacker needed the private key to launder Schober's Bitcoin into Monero, a privacy-focused cryptocurrency.

That post on GitHub was created only hours after Schober lost his Bitcoins.

Tracing that GitHub account led to GitHub repositories for the malware, along with the code for a program that allowed for algorithmic trading on the Bitfinex exchange, to which two deposits involving Schober’s Bitcoin were traced.

This was when Schober's investigation finally pinpointed the alleged thieves.

Schober's letter to the parents
A portion of the letter that Andrew Schober sent to two of the defendants in 2018, after investigators found that their sons were responsible for stealing nearly $1 million in cryptocurrency from Schober.

According to the lawsuit, the alleged hackers are two computer science university students from the UK. But since the two were minors at the time of the hack, Schober is suing their parents to get his Bitcoins back.

Schober did this by sending the two young men's parents notes to inform them about his investigation.

“It seems your son has been using malware to steal money from people online,” he wrote. “Losing that money has been financially and emotionally devastating. He might have thought he was playing a harmless joke, but it has had serious consequences for my life.”

Schober then asked the two young men's parents to “make this right, without involving law enforcement.”

Schober went on to say that he would stop if his stolen Bitcoins were returned in full.

Through the notes, Schober gave them his wallet address, as well as a deadline.

Schober sent the first notes in 2018, and then again in 2019.

Because he heard nothing from the two young men's parents, Schober is filing a lawsuit (PDF) in Colorado against the two alleged hackers and their parents, claiming that the parents “knew or should have known” that their children were engaged in “illegal computer abuse(s) and/or cryptocurrency theft(s).”

While reports said that Schober managed to trace the hackers, dealing with cryptocurrency transactions is difficult, as they are hard to trace and irreversible.

“These crimes can be monumentally difficult and expensive to track down,” said Mark Rasch, a former prosecutor with the U.S. Justice Department. “It’s designed to be difficult to do, but it’s also not designed to be impossible to do.”

Cryptocurrency theft by hackers is common. In 2020 alone, nearly $2 billion in cryptocurrencies was lost to theft, hacks, or fraud.

And in Schober's case, the malware made use of the fact that Bitcoin addresses are long, and people tend to copy-paste them instead of typing them.