Fraudster Spoofed Coinbase to Buy Rolexes and Lamborghinis, Now Faces Decades in Prison

An Indian national faces up to 20 years in prison for spoofing the Coinbase website to steal over $37 million, which he used to pay for supercars, expensive watches and exotic trips.

In June 2021, 30-year-old Chirag Tomar engaged in a scheme to steal millions in cryptocurrency from hundreds of victims worldwide.

Tomar and his co-conspirators impersonated the popular Coinbase exchange by creating a fake version registered with a similar web address.

At the time, Coinbase operated a ‘Pro’ version of its web portal, found at "pro.coinbase.com." Tomar and his fellow crooks created a replica, easily accessible by accident as "coinbasepro.com."

“In order to deceive unsuspecting users into believing they were accessing the legitimate Coinbase webpage, the fraudulent website was crafted to mimic the authentic website,” according to the US Department of Justice.

With their login credentials in the hands of the fake 'Coinbase,' an authentication process was triggered. They had been tricked into giving their login info to the fraudsters who then used it to access the victims’ crypto wallets on the real Coinbase website and soon drained their accounts.

“Other times, victims were tricked into allowing fake Coinbase representatives into executing remote desktop software, which enabled fraudsters to gain control of victims’ computers and access their legitimate Coinbase accounts,” according to the charges.

Tomar and his crew also impersonated Coinbase customer service representatives and tricked users into providing their two-factor authentication codes over the phone.

“Once the fraudsters gained access to the victims’ Coinbase accounts, the fraudsters quickly transferred the victims’ Coinbase cryptocurrency holdings to cryptocurrency wallets under the fraudsters’ control,” the DOJ says.

In a notable attack described by the prosecution, a victim from North Carolina lost $240,000 to the gang’s socially-engineered tricks.

Court documents say Tomar engaged in a lavish lifestyle, using his ill-gained funds to pay for a Rolex and other expensive watches, luxury vehicles, including Lamborghinis and Porsches, and to make trips to Dubai, Thailand and other exotic locations.

Tomar pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in prison. The fraudster is yet to be sentenced.

Americans lost over a billion dollars in 2023 to scammers impersonating businesses or government agencies, the FTC said in a report this year.

Bitdefender strongly advises Crypto aficionados to use a password manager coupled with a dedicated security solution on the devices they use to access and manage their digital assets. Such tools issue instant alerts when the person is about to log into a non-legitimate website.

According to the results in the Bitdefender 2024 Consumer Cybersecurity Assessment Report, four in five netizens carry out sensitive transactions on their phones, while failing to exercise adequate cybersecurity practices – all the while admitting that their biggest concern is hackers accessing their finances.

Bitdefender recently introduced Scamio, a free scam detector and prevention service for anyone with a Bitdefender account. Suspicious about a certain phone call, email, or SMS? Simply describe the situation to our clever chatbot and let it guide you to safety. You can share with Scamio the exact thing you want to check, such as a screenshot, PDF, QR code, or link. Scamio lets you know in seconds if it’s a sham.