The United States has taken legal action to seize and return over $154 million purportedly stolen from Sony Life Insurance Company Ltd, a SONY subsidiary, by an employee in a textbook business email compromise (BEC) attack.
“According to the government’s complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. (“Sony Life”) in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts,” the Justice Dept said today.
“Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California.”
Stolen funds converted to bitcoins
According to court documents, Ishii switched the transfer address for a Sony Life transaction to use a Silvergate Bank account under his control..
Ishii later converted the stolen funds into more than 3879 bitcoins via A Coinbase set up to automatically transfer all added funds to an offline cryptocurrency cold wallet with a Bitcoin address of bc1q7rhc02dvhmlfu8smywr9mayhdph85jlpf6paqu.
After converting the money to cryptocurrency, Ishii also tried persuading his supervisor and several Sony Life executives not to help investigators by emailing them a ransom note typed in English and Japanese.
“If you accept the settlement, we will return the funds back. If you are going to file criminal charges, it will be impossible to recover the funds,” the note read.
“We might go down behind all of this, but one thing is for sure, you are going to be right there next to us. We strongly recommend to stop communicate (sic) with any third parties including law enforcement.”
Cryptocurrency seized following FBI investigation
However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet.
“Sony and Citibank immediately contacted and cooperated with law enforcement as soon as the theft was detected, and the FBI worked in partnership with both to locate the funds,” explained FBI Special Agent in Charge Suzanne Turner.
“Second, the FBI’s footprint internationally through our Legal Attaché offices and the pre-existing relationships we have established in foreign countries – in this instance with Japan – enabled law enforcement to coordinate and identify the subject.”
Tokyo’s Metropolitan Police Department arrested the 32-year-old Ishii the same day and criminally charged him on suspicion of obtaining $154 million dollars following fraudulent money transfers from mid-May.
“This case is an example of amazing work by FBI agents and Japanese law enforcement, who teamed up to track this virtual cash. Criminals should take note: You cannot rely on cyptocurrency to hide your ill-gotten gains from law enforcement,” said Acting U.S. Attorney Randy Grossman.