"Better Call Saul" actor also hit by a SIM card attack; fake celebrity coins used to defraud victims of hundreds of thousands of dollars

24-07-30 21:30
Original author: ZachXBT, Chain Detective
Original translation: Ismay, BlockBeats

Editor's note: Recently, the convicted British hacker Gurv (Gurvinder Bhangu) has again attracted attention. He was accused of being involved in the theft of the social media accounts of famous actors Sydney Sweeney and Bob Odenkirk. The attacks, which used the stolen accounts to run Solana meme coin scams, caused a total loss of more than $530,000.

Related reading: "friend.tech users suffered SIM Swap attacks, Verizon SMS verification is a security vulnerability?"

The technique used by Gurv was a SIM swap attack. Last year, crypto user @darengb also claimed that his SIM card was swapped by hackers, resulting in the theft of 22 ETH from his friend.tech account. Some people criticized the insufficient security measures of mobile operators, while others pointed out that phone numbers are inherently weak as a means of authentication. Verizon's related security features and the industry's security measures have also become the focus of discussion. Similar SIM swap attacks have even happened to Ethereum co-founder Vitalik.


The following is the original content:


An investigation into the convicted British hacker Gurv (Gurvinder Bhangu) and his relationship with the recent theft of Sydney Sweeney and Bob Odenkirk's social accounts showed that more than $530,000 in total was stolen through Solana meme coin scams.



On July 2, Sydney Sweeney's account was compromised through a SIM swap, and a meme coin link was subsequently posted from the account, causing the price of the coin to rise sharply and then plummet.


Team wallets from the SWEENEY scam sold a total of over $515,000 in assets.


Main team wallet addresses:


AgySZeAtqM3iSbvMPxv2g94oTd3segx4WdKuFD7M5CEr


jQEaiiAkRGhFoCDnjxn6mmtrksC4EckF38fxkaNMs1j



After cashing out, the hacker began trolling on social media, where they attempted to pin the blame on recent events on the likes of Hulk Hogan and 50 Cent, but there is little evidence that they were responsible for those events as well.



Through timing analysis, we can see that the proceeds from the scam were first transferred to an exchange on Solana and then converted into Bitcoin and Ethereum.


Destination addresses:


0x0350730e4907cd69d1f3cf89f42a58091e397b11


bc1qs2lg3m278cuem2kz6shx6vn9xxzvf8lrd67dp5


bc1qvpjvdjvl98z2uz5dxhv3s32f3eenvjwzdtmlf8


These funds are dispersed on the chain, so we can infer that multiple people are involved.



After the incident, screenshots of Gurv receiving codes to log into Sydney Sweeney's account on Telegram appeared online. These codes were obtained through SIM card swapping. In addition, a receipt from Verizon was attached, showing Sydney Sweeney's SIM card swap record.



Gurv is a convicted hacker who served a prison sentence in the UK for hacking into Instagram accounts and blackmailing users. At the time, Gurv told law enforcement: "This is not even a crime."



Further confirmation showed that Gurv was indeed the person in the screenshot. In multiple Telegram groups, he responded to messages using the same Telegram user ID and talked about his experience in prison.


By correlating Ethereum addresses from the Sydney Sweeney SIM swap, we found that 1.5 ETH was sent to an exchange and received on Solana on July 9. Based on this information, we can find another attack carried out by Gurv or his partners.


Source transaction:


0xec0c75bc72bec3804c056e56da52ce8b1e43e2f9e326debaf979a6c61cfab41f


Target transaction:


i1kC4YgDTwfg7zvt5krxbarxdDeVSbk3t7o3jYEDMyBiWhWFEFVjMbD8qtMUQYnvzP1ybJ7ZA4SqZFivAfcUhoK



On July 9, the social media account of Bob Odenkirk (Breaking Bad and Better Call Saul actor) was hacked and a link to a meme coin was posted from it, just like in the case of Sydney Sweeney. However, this time they screwed up and posted two coins (KIRK and SAUL), so the profit amount was small.



The proceeds were sent to the same Ethereum address that also funded the Solana address.



Hopefully, UK law enforcement will act quickly and use the large amount of evidence available to go after Gurv again. Some of the funds have been transferred to cryptocurrency casinos and used to purchase gift cards.


Currently, funds held in wallets associated with these hacks are around $488,000.



Addresses currently holding the funds:


0x461f8929fc2b039f2917b7556894f21a51b4138a


bc1qs2lg3m278cuem2kz6shx6vn9xxzvf8lrd67dp5


bc1qvpjvdjvl98z2uz5dxhv3s32f3eenvjwzdtmlf8


0x2655770dc11073d8ce90725655862a13c73999fd


0x71d06fa03134fe5fd4b235f448e490e521f00845

