OKLAHOMA CITY – Two men arrested in Oklahoma City last week are suspected of hacking and stealing millions of dollars from a California-based cryptocurrency company.
Fletcher Robert Childers, 23, and Joseph Harris, 21, both of Missouri, were arrested by the U.S. Secret Service last Monday at a west side hotel. According to court documents, the two are suspects in a $14 million theft from Crowd Machine, headquartered in San Jose.
According to a search warrant filed in Oklahoma County, Crowd Machine reported the hack and theft to a California computer crimes task force on September 22. It’s believed, according to court documents, the hack was accomplished through a SIM swap, which allows hackers to steal a person’s mobile phone number and identity.
“They fool the phone company into giving them access to that phone or they have paid them off to get that information. Once they have the right information from a cell phone, they can basically take over my cell phone, your cell phone, whatever SIM card information they receive,” Special Agent in Charge Ken Valentine said Monday regarding SIM swapping. “If (a suspect) targeted the right person who has the cryptocurrency on that phone, well then you have immediate access to that. With two-factor authentication they have the account number for the cryptocurrency” and can receive authentication messages on the swapped cell phone.
In a post on its website last week, Crowd Machine said access to its cryptowallet was compromised and Crowd Machine Compute Tokens were stolen. Crowd Machine said most exchanges had suspended trading in the currency, recommended no one purchase the tokens until the investigation was closed and said exchanges would eventually re-open.
Crowd Machine reports 500 million CMCTs have been released to market, with 1.5 billion held in reserve. After the hack, Cryptocurrency websites reported around 1 billion tokens were transferred to exchanges, dropping token prices, according to coindesk.com.
According to coinmarketcap.com, as of Friday evening, Crowd Machine had a market capitalization of about $1.12 million with 470 million tokens in circulation, compared to the more widely-known Bitcoin with more than $114.8 billion and 17 million, respectively.
Sproule wrote on his company’s website last week that purchases of stolen tokens by those not involved with the theft will be honored.
“The criminal investigation is ongoing, so we’re not in a position to comment other than to confirm that two arrests have been made,” Crowd Machine Founder and CEO Craig Sproule told News 4 in a message Friday evening. “We’ve been working closely with law enforcement agencies to help with the ongoing investigation.”
According to a search warrant affidavit, the victim had also been taunted by the suspect in the $14 million theft.
“The victim, who had $14 million stolen by the occupant of the hotel room has also been receiving taunting emails from the suspect,” it said. “The suspect is also actively laundering the cryptocurrency through several different exchanges, some of which are not located in the United States.”
Court filings show an investigator with the Santa Clara County, California District Attorney’s Office and member of the state’s Regional Enforcement Allied Computer Team (REACT) contacted the Oklahoma City U.S. Secret Service field office on September 24 and a phone used in the hack was tracked to Oklahoma City’s west side.
“They started tracking these guys, figured out where they were staying, what kind of car they were driving and started doing surveillance,” Valentine said. “That’s what’s so great about having these partnerships across federal, state and local lines.”
According to court documents, investigators discovered the victim’s cellphone account was transferred to another device located in an area near the SpringHill Suites hotel, 510 S. MacArthur Blvd. U.S. Secret Service Agents found the cellphone was purchased at a nearby WalMart, and surveillance footage showed two white males visiting the store, with one purchasing the phone, on September 18.
Store surveillance footage also identified a possible suspect vehicle, registered to Childers, which was later found by agents at the hotel. A room was rented by Harris on September 17 with a check out date of the 25.
Court documents show agents requested a “no knock” search warrant on the hotel room and vehicle.
“The Search Warrant must be served quickly and with as much surprise to the suspect as possible,” a task force member wrote in the warrant affidavit. “In this specific case, the suspects are staying in a hotel room and have had the ‘do not disturb sign’ on their door for at least two days in a row, and no one has cleaned the room.”
Childers and Harris were arrested on warrants out of Santa Clara County for grand theft, identity theft and computer intrusion, according to Oklahoma City police records. News 4’s calls to the REACT director and the district attorney’s office for comment were not immediately returned.
Harris is being held in the Oklahoma County jail without bond. Childers is no longer in county custody.
As people continue to use their cell phones for personal information storage, Valentine says this case should be a wake up call of the public, regardless of the cryptocurrency theft.