Security Engineer at Yuga Labs Faces Federal Investigation for Crypto Phishing
A security engineer at Yuga Labs, Sam Curry, found himself in the midst of a federal investigation conducted by the Internal Revenue Service’s Criminal Investigation Division (IRS-CI) and the Department of Homeland Security (DHS). The investigation stemmed from Curry’s involvement in uncovering a cryptocurrency phishing website in December 2022.
Sam Curry’s Encounter with Federal Agents
Curry detailed the incident on his social media account, recounting how he was subpoenaed and investigated by federal authorities. After returning from Japan, Curry was directed to a secondary inspection room upon entering the United States, where he was handed a Grand Jury subpoena.
During the hour-long interrogation, officers from the IRS-CI and DHS asked vague questions about a “high profile phishing campaign” and the potential connection between Curry’s IP address and a threat actor. Although Curry believed it was a random selection, he willingly handed over his unlocked device for inspection.
The device was then given to DHS and IRS-CI agents who were investigating money laundering, conspiracy, and wire fraud charges. Despite being given limited information about his involvement, Curry was eventually allowed to leave after his device was thoroughly searched.
The Private Key that Triggered the Investigation
In December 2022, Curry played a crucial role in uncovering a crypto phishing website that had stolen millions of dollars. The scammer accidentally published their Ethereum private key in the website’s JavaScript. In an attempt to investigate, Curry imported the private key into his MetaMask using his home IP address to check if any assets were left in the wallet.
Back in December, 2022, I helped investigate a crypto phishing website that had stolen millions of dollars. In the JavaScript of the website, the scammer had accidentally published their Ethereum private key. Sadly, I’d found it 5 minutes too late and the stolen assets were gone. pic.twitter.com/Kb4QNt8X9s
— Sam Curry (@samwcyo) September 27, 2023
The investigating agents obtained authorization logs from OpenSea and traced the IP address back to Curry, leading to the subpoena and subsequent encounter with federal authorities. However, after discussions between Curry’s lawyer and the authorities, the subpoena was dismissed, and all data from Curry’s device was deleted.
Hot Take: Security Engineer’s Role in Phishing Probe Raises Concerns
The case involving Sam Curry, a security engineer at Yuga Labs, highlights the potential risks faced by individuals involved in uncovering cryptocurrency scams. While Curry’s intentions were to investigate and prevent further theft, his actions inadvertently led to a federal investigation and encounter with law enforcement.
This incident raises questions about the legal implications for those who actively engage in cybersecurity efforts within the crypto space. As the industry continues to grow, it is crucial for individuals like Curry to be aware of potential consequences and seek legal advice to navigate these complex situations.
Source: CryptoPotato
By
By
By
By
