A 21-year-old man from Indiana named Evan Frederick Light has been convicted of stealing $37,704,560 in cryptocurrency from 571 victims during a 2022 cyberattack. According to the U.S. Attorney’s Office , Light ‘cyber intruded’ into an unnamed South Dakota-based investment holding company and stole client details.
Light, along with an accomplice, first stole the identity of a legitimate client to gain unauthorised access to the company’s servers. The pair exploited system vulnerabilities to further steal personal information, which they later used to access and transfer clients’ cryptocurrency. To conceal their identities, they funnelled the stolen funds through mixing services and gambling platforms worldwide.
The FBI tracked Light down and he was sentenced to 20 years in prison for each count, followed by three years of supervised release and being ordered to pay restitution. However, as authorities have not yet confirmed the recovery of any stolen assets, it remains uncertain whether the victims will see their funds returned.
This case emphasises critical cybersecurity vulnerabilities, particularly the improper storage and protection of Personally Identifiable Information (PII). Companies handling sensitive data should prioritise encryption, strict access controls, robust authentication, and regular security audits. Additionally, effective monitoring and logging of activities are crucial for detecting and preventing breaches.
In the case of cryptocurrency, enhanced security measures are also essential. Cold wallets, which store cryptocurrency offline, offer greater protection as they are less susceptible to hacking. Additionally, utilising multi-factor authentication (MFA) and strong, complex passwords significantly enhances account security. Users should also remain vigilant against phishing attacks to prevent unauthorised access.
Otonata can guide you through enhancing your cybersecurity practices, protecting your clients’ sensitive information.
Pingback: Fidelity Investments leak data of 77k through Common Weakness – Otonata Cybersecurity