A Japanese 18-year-old from Utsunomiya, Tochigi, faces criminal charges for stealing $130,000 (around ¥15 million) worth of cryptocurrency after hacking the Monappy social media network and Monacoin web-based wallet.
As reported by Japan Today and multiple other local news outlets [1, 2, 3, 4], he stole 93078.7316 Monacoins from 7735 Monappy users between August 14 and September 1, using a smartphone and Tor in an unsuccessful attempt to stay anonymous seeing that Japanese police managed to find him after analyzing the logs provided by the hacked cryptocurrency platform.
As mentioned in the incident report, the alleged offender is a resident of Utsunomiya, Tochigi Prefecture. However, his name has not been disclosed because he is still considered a minor under Japanese law.
The alleged theft of over $100,000 in cryptocurrency occurred between August 14th and September 1st, 2018, police officials revealed. The accused reportedly to stole the funds by hacking a website called Monappy, which traders use to manage the Monacoin cryptocurrency.
As detailed by Japanese authorities, the hacker used the Tor peer-to-peer (P2P) encryption software to hide personal details including his IP address. Despite making an effort to cover his tracks, security researchers working for the local police department managed to locate the offender. This, after analyzing communication logs left by the hacker on Monappy’s server.
According to local authorities, the accused has admitted that he was involved in the financial crime. The 18-year-old remarked: “I felt like I’d found a trick no one knows and did it as if I were playing a video game.”
Although it’s not clear exactly how the attacker managed to steal the funds, police officials said he was able to exploit a vulnerability in the website’s codebase which involves sending funds to users. The hacker claimed to have found a security loophole where the website’s transaction system malfunctions if someone attempts to repeatedly transfer cryptocurrency during a short timeframe.
According to the 18-year-old offender, he had repeatedly sent cryptocurrency transfer requests to his own account, which reportedly resulted in the system malfunctioning. This, he said, allowed him to transfer a large amount of cryptocurrency to his address. Approximately 7,700 crypto investors who use the Monappy website were affected due to the security breach. Commenting on the incident, Monappy’s management acknowledged that their site had been hacked and also said they would reimburse the victims.
Other details from the incident report revealed that the hacker had transferred the stolen Monacoin (MONA) cryptocurrency to an account he had opened at a different crypto website. After transferring the Monacoins, the hacker said he converted the crypto to another digital asset in order to purchase various items including a new mobile phone
