News article | 18-03-2025 | 15:08

The investigation into the theft began after information was received in February 2021 by the Cybercrime Team of the police in Limburg that software had been installed on computers of a telecom company that allowed remote access. Further investigation revealed that cryptocurrency had been stolen from multiple individuals across the country.

The investigation revealed two suspects who allegedly provided others access to systems and login credentials in exchange for money. As a result, the phone numbers of the victims could be taken over, allowing access to their cryptocurrency. During the investigation, three men were arrested, whom the OM sees as initiators and executors of the theft. Data carriers belonging to the men were seized, which intensified suspicions against the trio.

Method

The investigation presents a picture of a well-prepared theft, starting with obtaining a database of potential victims: Through a criminal cyber forum, one of the suspects came into possession of a stolen database from a cryptocurrency service provider. In that database, potential Dutch victims were selected with an email address and phone number. With that list in hand, a corrupt employee of a telecom company was approached. Together with others, they managed to gain access to the company’s system, allowing stolen numbers to be converted into blank SIM cards. Once a phone number was taken over, the suspects could change passwords and thus gain access to email and crypto accounts. The money from those crypto accounts was then siphoned off to other wallets and ultimately came into the possession of the suspects, completing the theft.

Multiple Occurrences

There have been multiple occasions on which thefts occurred, but notable is a period in mid-February 2021. The three main suspects were staying at a holiday park and pulled all-nighters to perform SIM swaps and commit the thefts. According to the OM, there was a clear division of roles: One of the suspects acted as the technical guy and arranged the list of personal data, while another handled the arrangement of blank SIM cards. The third suspect primarily focused on the swapping of the SIM cards. The thefts ultimately yielded the suspects an amount of 112,000 euros. A total of 38 reports were made in the case. The OM is considering 8 cases involving individuals who have actually suffered damage.

Seriousness

After the phone numbers of the victims were transferred to new SIM cards, it means that the victim can no longer be reached at that phone number. All calls and text messages then go to the new SIM card: This means that the victims are also unreachable in case of emergencies. The prosecutor emphasized the sophisticated methods used by the suspects during the hearing: What stands out in this file is the cunning with which these thefts were committed. In a period of just over a month, 160 SIM swaps took place. In the weekend at the holiday park alone, 99 SIM swaps occurred, and over 6000 queries were made in the system to which they had access.

Impact

The prosecutor reflected during the hearing on the seriousness of the facts and their impact on the victims: That it involves digital crime does not lessen the impact. The victims could not make or receive calls without their knowledge and lost internet access, with all associated risks. Additionally, all phone numbers were replaced with a new number, which brings many practical problems for the victims. The victims could also not access their mailbox, which was also searched. The mailbox typically contains a lot of personal data and represents a significant invasion of privacy if someone else unlawfully accesses it. Furthermore, email is often the only safety net for numerous other accounts. Thus, the mailbox provides access to various other data.

Against the three alleged executors of the theft, the OM demands a prison sentence of two and a half years. For the other two, a community service of 180 hours and a prison sentence of three months were demanded. The court will issue a ruling on April 16.