A Japanese 18-year-old from Utsunomiya, Tochigi, faces criminal charges for stealing $130,000 (around ¥15 million) worth of cryptocurrency after hacking the Monappy social media network and Monacoin web-based wallet.
As reported by Japan Today and multiple other local news outlets [1, 2, 3, 4], he stole 93078.7316 Monacoins from 7735 Monappy users between August 14 and September 1, using a smartphone and Tor in an unsuccessful attempt to stay anonymous seeing that Japanese police managed to find him after analyzing the logs provided by the hacked cryptocurrency platform.
He is quoted saying that “I felt like I’d found a trick no one knows and did it as if I were playing a video game,” and, according to a Tokyo Metropolitan Police Department spokesperson he also confirmed being the one behind the Monappy attacks.
As disclosed by Monappy after detecting the August/September attacks, he abused a weakness in the platform’s gift code feature which allowed him to send himself Monacoins by overwhelming the system with requests and making multiple transfers using the same gift code—the gift code feature was introduced in July 2017.
According to Monappy’s original statement [Google Translate translation] issued on September 3, a full list of all transactions made during the incident—with transaction IDs, withdrawn amounts, and addresses where the cryptocoins were sent—is publicly available HERE.
Following the hacking event, Monappy announced on November 21 that the service is shut down but that it will be resumed once an ongoing security check performed with the help of external security experts will conclude that the users’ safety is guaranteed—the website and service are still down.
Since September 1st, 2018, the Monacoin wallet service Monappy, which has been taken over by our company, has been forced to stop the service due to Monacoin theft. We would like to apologize to everyone who used it, and all those involved, for their inconvenience.
We have completed the direct repair of defects and other issues that have directly caused the problem, and we are currently conducting a final security check on an external security specialist company. If we can confirm that there is no problem with safety, we will announce the specific reopening time and will resume some services promptly so that you can withdraw from Monaco.
The Japanese 18-year-old is facing computer fraud and concealment of criminal proceeds charges, after moving the stolen Monacoins to a different exchange and converting it to another cryptocurrency.
Also, the Tokyo Metropolitan Police Department says that this is the first ever case in Japan in which someone is facing criminal charges for being behind a cryptocurrency-related hacking incident.
This is not the first time youngsters were apprehended by the Japanese police, with a 17-year-old being detained for creating malware designed to swipe cryptocurrency wallet private keys in February 2018 and a 13-year-old being arrested for selling a virus which blocked smartphone screens in September 2017.
In a related episode from June 2017, a Japanese 14-year-old was detained by the police for creating and sharing a ransomware strain online even though he did it only out of curiosity—this was the first time an individual was arrested for a ransomware-related crime in Japan.
In addition, while not exactly a kid, 24-year-old Masato Yasuda for using the Coinhive JavaScript library in cryptojacking attacks in January and February 2018, making ¥5,000 worth of Monero cryptocoins, which amounted to a whopping $45 at the time of the initial report.
H/T 0x009AD6_810
