August 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware to siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. After months of sleuthing, his investigators identified the likely culprits: Two young men in Britain who were both minors at the time of the crime (both are currently studying computer science at U.K. universities).

A forensic investigation of Schober’s computer found he’d inadvertently downloaded malicious software after clicking a link posted on Reddit for a purported cryptocurrency wallet application called “Electrum Atom.” Investigators determined that the malware was bundled with the benign program, and was designed to lie in wait for users to copy a cryptocurrency address to their computer’s temporary clipboard.

When Schober went to move approximately 16.4 bitcoins from one account to another — by pasting the lengthy payment address he’d just copied — the malware replaced his bitcoin payment address with a different address controlled by the young men.

Schober’s lawsuit lays out how his investigators traced the stolen funds through cryptocurrency exchanges and on to the two youths in the United Kingdom. In addition, they found one of the defendants — just hours after Schober’s bitcoin was stolen — had posted a message to GitHub asking for help accessing the private key corresponding to the public key of the bitcoin address used by the clipboard-stealing malware.

Investigators found the other defendant had the malware code that was bundled with the Electrum Atom application in his Github code library.

Initially, Schober hoped that the parents of the thieving teens would listen to reason, and simply return the money. So he wrote a letter to the parents of both boys:

“It seems your son has been using malware to steal money from people online,” reads the opening paragraph of the letter Schober emailed to the families. “Losing that money has been financially and emotionally devastating. He might have thought he was playing a harmless joke, but it has had serious consequences for my life.”

A portion of the letter than Schober sent to two of the defendants in 2018, after investigators determined their sons were responsible for stealing nearly $1 million in cryptocurrency from Schober.

Met with continued silence from the parents for many months, Schober filed suit against the kids and their parents in a Colorado court. A copy of the May 2021 complaint is here (PDF).

Now they are responding. One of the defendants —Hazel D. Wells — just filed a motion with the court to represent herself and her son in lieu of hiring an attorney. In a filing on Aug. 9, Wells helpfully included the letter in the screenshot above, and volunteered that her son had been questioned by U.K. authorities in connection with the bitcoin theft.

Neither of the defendants’ families are disputing the basic claim that their kids stole from Mr. Schober. Rather, they’re asserting that time has run out on Schober’s legal ability to claim a cause of action against them.

“Plaintiff alleges two common law causes of action (conversion and trespass to chattel), for which a three-year statute of limitations applies,” an attorney for the defendants argued in a filing on Aug. 6 (PDF). “Plaintiff further alleges a federal statutory cause of action, for which a two-year statute of limitations applies. Because plaintiff did not file his lawsuit until May 21, 2021, three years and five months after his injury, his claims should be dismissed.”

Schober’s attorneys argue (PDF) that “the statute of limitations begins to run when the Plaintiff knows or has reason to know of the existence and cause of the injury which is the base of his action,” and that inherent in this concept is the discovery rule, namely: That the statute of limitations does not begin to run until the plaintiff knows or has reason to know of both the existence and cause of his injury.

The plaintiffs point out that Schober’s investigators didn’t pinpoint one of the young men’s involvement until more than a year after they’d identified his co-conspirator, saying Schober notified the second boy’s parents in December 2019.

None of the parties to this lawsuit responded to requests for comment.

Image: Complaint, Schober v. Thompson, et. al.

Mark Rasch, a former prosecutor with the U.S. Justice Department, said the plaintiff is claiming the parents are liable because he gave them notice of a crime committed by their kids and they failed to respond.

“A lot of these crimes are being committed by juveniles, and we don’t have a good juvenile justice system that’s well designed to both civilly and criminally go after kids,” Rasch said.

Rasch said he’s currently an attorney in a number of lawsuits involving young men who’ve been accused of stealing and laundering millions of dollars of cryptocurrency — specifically crimes involving SIM swapping — where the fraudsters trick or bribe an employee at a mobile phone store into transferring control of a target’s phone number to a device they control.

In those cases, the plaintiffs have sought to extract compensation for their losses from the mobile phone companies — but so far those lawsuits have largely failed to yield results and are often pushed into arbitration.

Rasch said it makes sense that some victims of cryptocurrency theft are spending some serious coin to track down their assailants and sue them civilly. But he said the legwork needed to make that case is tremendous and costly, and there’s no guarantee those investments will pay off down the road.

“These crimes can be monumentally difficult and expensive to track down,” he said. “It’s designed to be difficult to do, but it’s also not designed to be impossible to do.”

As evidenced by this week’s CNBC story on a marked rise in reports of people having their Coinbase accounts emptied by fraudsters, many people investing in cryptocurrencies find out the hard way that unlike traditional banking transactions — cryptocurrency funds lost to theft are likely to stay lost because the transactions are irreversible.

Traditionally, the major crypto exchanges have said they’re not responsible for lost or stolen funds. But perhaps in response to the CNBC story, Coinbase said it was introducing a new pilot “guarantee” for U.K. customers only, wherein they will be eligible for a reimbursement of up £150,000 if someone gains unauthorized access to their account and steals funds.

However, it seems unlikely Coinbase’s new guarantee would cover cases like Schober’s — even if he’d been a U.K. customer and the theft occurred today. One of the caveats that is not covered in the guarantee is sending funds to the wrong address by accident.

164 thoughts on “Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

  1. Ted Leaf

    Er, I think he should try to get an admission of guilt, either privately or through. US courts, then start civil action in england for theft and/or pass on all info, evidence and admissions of guilt to english police etc and ask them to start action for seizures of assets etc gained from criminal activity, basicaly, anything they can find that you cannot prove was acquired with money etc you had gained legally and you had declared for tax, you lose everything else in a lot of cases and a good chance of doing jail time if you dont comply, and if still not sorted by end of sentence, very high chance of another few years jail time.
    You can get 7 years inside for armed robbery, but far longer if you don’t comply with court orders to hand assets etc over or don’t pay enough cash, you can get lifetime payment orders if you steal enough, anything you ever earn etc goes to the court and from there to victims..
    The guys who pulled the Hatton garden jewelry tunnel robbery spent most of their last years inside for criminal asset orders they didn’t meet,as are more and more criminals.
    Authorities quite often don’t even need to prove criminal behaviour, just serious doubt over where your wealth has come ftom, like Russian woman just lost £40 million, due to doubts about its source, often now used against big drug dealers too. Level of evidence needed to gain un-explained wealth orders is much lower than that needed for criminal court conviction, so is seen as a quicker, cheaper way of a least causing crooks headaches if not getting them behind bars, a bit like doing Al capone for tax instead of murder…

    1. Phil T

      If the UK authorities have questioned the individuals concerned and decided not to press charges then there is likely to be more to this story than meets the eye. In my experience the Police here are generally very willing to bring proceedings against hackers here, including on behalf of overseas companies, provided the evidence presented by the injured party is robust. Bringing a private criminal prosecution is difficult and there is the risk that the Crown will take over the proceedings. In any event, the position here is similar to that in the US ie penalties against individuals who were <18 at the time of the offence are generally quite light, as the focus is on rehabilitation rather than punishment, and it is rare that the Police will seek to recover assets. Bringing a civil claim directly in the UK is likely to be more effective, if the assets are here, as enforcing a US judgement against an unrepresented individual or one who ignores the US proceedings can be difficult and expensive because the English court will need convincing that they received a fair hearing before ordering enforcement (and you can recover your costs if they have the money).

      1. Random1234

        Beg to differ. Your police might investigate but won’t turn over the criminals. In the last few yrs there were 2 high profile hacking cases concerning UK citizens attacking and damaging US company/government computer systems. In both cases the flimsy ‘Aspergers Syndrome’ excuse was given stating the criminals would not be able to survive in US prisons. But these are white collar offenses; the guilty would be going to minimum security facilities, not those portrayed by Hollywood.

            1. JamminJ

              There is also McKinnon. That would be the 2 high profile cases mentioned.

              Problem with “high-profile”… is they usually get their high profile in the news because escaping justice is so controversial

              Nathan Francis Wyatt, 39
              Joseph O’Connor, 22
              Raphael Gray, 19
              And many more who probably don’t make the news.
              There were 8 hackers aged between 18 and 26 arrested earlier this year, probably will be extradited to the US.

              People don’t realize this… but the FBI always has agents in the UK. They live there, and their job is to arrest (alongside local and national UK counterparts) the people for crimes against US persons. Fraud and cyber are common since its easy to commit crime in the US from the UK.
              Yes, they spend more time in legal limbo awaiting multiple hearings because extradition requires a lot more. But more often than not, the suspect is sent to the US eventually.

              Be careful when you derive an idea based on Google search results, they won’t show you the whole picture. With one or two miscarriages of justice spawning hundreds of news articles about the same thing, it’s very easy to get the wrong impression that the UK isn’t going to turn over cyber criminals.

    2. larry

      Better to just hire someone to get his crypto back and pay that thug 20 percent of coins retrieved. Let the thug devise a method. Their are people who woudl kill for a hundred dollars; not sure what they would do for a quarter million. Just don’t let the thug discuss what his plans are or you will be a conspirator and serve time.

      1. JamminJ

        Umm, paying someone a percentage of profit for a crime, is still a crime. Not knowing the details does not absolve any guilt. You’ll go to jail just the same.

  2. JJ Taylor

    “,,,but it has had serious consequences for my life.”

    Someone is depending on Bitcoin to live on?

    1. tom

      It’s £145k, it could be in mcdonalds vouchers thats still a fuck ton of money

    2. cat_tax

      Ummm…well it was about 16 BTC, just under $750k USD worth at today’s prices, so yes that’s of pretty serious consequence to lose that much money by most people’s standards.

      1. Mc Master

        I think that’s the point. He didn’t have $750K in fiat. He had 16BTC

        Crypto is volatile, and isn’t insure from hacks that can easily happen. If you want secure money, you go with a bank where you at least have insurance

        1. VoiceOfReason

          The Crypto IS the investment. Show me a fiat that gives the same rate of return as BTC and I’m all in.

        2. illumina23

          A bank with insurance won’t protect you in this situation where you mistakenly (because of malware on your system) send the funds to an unintended destination.

          1. JamminJ

            Banks have often reversed charges on Credit Card purchases, reversed ACH transfers due to confirmed fraud, and even helped investigate wire transfer fraud which result in returned funds.

            Having a well-regulated banking system is really a good thing in this case.

            The idea of Cryptocurrency and notion that decentralized is somehow “better”, is naive at best. People don’t realize all the things happening behind the scenes that protect money from fraud.

  3. virtue signal

    Malware defeated by.. typing it all the way out.

      1. illumina23

        He could have examined the pasted address and made sure it matched what was intended. I sure would if I was moving 16.4 BTC.

        1. SAM

          It’s easy enough to say in retrospect. But accidents happen, and it doesn’t justify the worthless little bastards getting of Scott free.

          If it had happened to the UK families at the hands of U.S. hackers, it would be front page news on the rag sheets that pass and newspapers in England.

          The parents would be standing in front of their homes bemoaning their lost retirement savings, and how arrogant people in the U.S. are.


  4. wow

    “These crimes can be monumentally difficult and expensive to track down,”
    This is why public hangings are in order. Being nice to criminals expecting change ain’t ever going to happen.

    1. other-anon

      Oh shut up with that nonsense. Stop with the draconian extremism.

    2. This dude is psycho ^

      You seem like a stable, moral individual… /s

      1. Jimposter

        That’s “Gregory” pretending to be other people again. He’s got issues.

        1. Jimposter

          Gregory, wow and other-anon are the same person. And so are all the comments with profile names that are really just intro sentences.

        2. Readership1 (previously just Reader)

          I don’t see a Gregory here, but I recognize mealy who changes his handle for every post, then got called out by a Gregory for doing that.

          1. Gregory, do you see it now?

            (Gregory impersonates people’s names, genius…)

            You’re demonstrating the problem here without the capacity to realize it yet.

          2. Gregory

            He is using other people’s names, as I am doing right now to demonstrate how trivial that is to fool people who don’t pay much if any attention to his trolling and attention seeking issues.

            1. Readership1 (previously just Reader)

              So other-anon, This dude is psycho, Jimposter, Gregory-lite and Gregory are all the same person?
              And who are you?

              1. mealy

                “Who” is anyone? The point is the original users of the names submitted to Krebs an email address so he is actually the only one who can know who is original and who is the poser – and none of the “readership” (sic) can see that to make the determination, so you’ve got to read between the lines and look at form and substance. Unfortunately that platform limitation would require BK to moderate out the fakes personally, which isn’t likely worth his time at all. So if you see someone posting something short, nasty and obviously nothing but trollish just take with a grain of salt that they’re probably trying to delegitimize the “real” person they’re merely pretending to be, as a person self-named “Gregory” did repeatedly a few months back and has likely been doing before and after it was noticed. After all, this site outs trolls and criminal mischief idiots. It’s not unexpected nor unprecedented that some would try to undermine discussions here really, so perhaps knowing that don’t take everything at face value. Or do whatever you like, now that I’ve told you how trivial it is you could pretend to be any of those names you just listed and say silly instigatory things like Gregory, if desired. I’m not really married to any particular monicker anyway, so have at it.

                1. Readership1 (previously just Reader)

                  So he impersonates, but you also change your moniker for most posts. Not seeing the difference. If you want to be taken seriously and build that reputation that people can recognize as you it’s probably best you always post as yourself and not a random username. And if course don’t feed the trolls by acknowledging them.

                  1. other-Anon

                    “Anon” is anonymous. I don’t think any one person has claim to that.

                    YMMV feel free to disagree and think everyone should use their full given name on an internet security forum open to all kinds (including impersonator trolls, I might obviously add?) but for a simple discussion with random people it’s hardly necessary. There is no way to authenticate yourself “publicly” is the point, anyone can pick any name so that’s just a bug/feature we both live under. I picked my monicker for this site, it’s a OPT as far as that. I don’t see that it “matters” because I’m not “impersonating anyone” by posting as “Anon”. Do you see that distinction or don’t you? I’m not exploiting the UI “vuln” by disclosing that it’s being actively abused here. Are we at least clear on that? Obviously if someone wants to use “my” chosen name or anyone’s, there’s nothing to stop them really. I don’t give a wall of zeros about a random monicker, have at it. The point was to read the content for context and be aware that silly little people are actively doing that, rather than falling into their obvious little troll hole and feeding into it inadvertently as above.

                    Seeing a difference yet? It’s there. “Reputation” based on an entirely unsecured handle is the hilarious sub-metajoke in your reply, did you trademark “readership1” yet? (Applause sounds) I’m just here for the interesting new insights, it’s not really “about” who types them so much. Chaff to wheat ratio is sometimes a bit high, but if you’re conferring value to an idea based on who is saying it let me just lightly suggest you’re falling into a logical trap.

                    1. I just don't get why

                      I don’t understand why you’re so mad at someone for doing what you are doing. You let this Gregory under your skin for what? Changing his moniker just like you do? Either ignore it or or don’t.
                      You can still be anonymous without displaying your full name. Just be consistent. Otherwise it comes across as hypocritical.

                    2. You can't get it why?

                      Maybe it’s a language barrier? I should think we’ve explored why it’s an issue, “madness” not a factor except perhaps in their intent to be disruptive as an over-compensation for having nothing of value to say, but that’s just a speculation based on observations. Nothing you need to worry about if you’re not worried about it. That’s true of most things, you’ll find. Thanks for asking.

                  2. reputation negative fifty zed

                    All people don’t see all the same angles at the same time.
                    I still see utility in anonymity even as a few abuse it.
                    It’d be nice if they didn’t, but you can say that about *

  5. Nunya

    Find them and put a bullet in each one. I’ll bet they don’t commit any more crimes.

    1. UrMum

      England isn’t a backwards country that executes people

      1. Jasmen

        Well they should and that would solve the problems we have

        1. Alan K

          They should start by executing the ignorant people who think every problem can be solved with violence and murder. Especially the ones who think state-sponsored murder within a draconian legal system is somehow justified.

            1. UrMum

              That’s not irony. Do you mean sarcasm?
              Either way, it isn’t. People really are serious and think death is a reasonable punishment for these non violent crimes.
              For those people with such a twisted sense of justice, I think it could be fitting that they be beaten by police next time they drive 10 mph over the speed limit.

          1. R Hicks

            The rub is that these people have never heard of any game theory or know how that would play out. Making minor crimes have a death penalty would just escalate the severity of all crime. Got caught committing theft where the punishment is death? Why not just murder all witnesses? Not like the punishment would be worse, and you would then have chance of escaping with your life; nothing to lose, everything to gain.

      2. Quid

        You forget to add “anymore.” or “like it used to be,” at the end of your sentence.

        Jeremiah Brandreth (1785 – 7 November 1817) was an out-of-work stocking maker, living in Sutton-in-Ashfield, Nottinghamshire, who was executed for treason after being convicted of plotting to overthrow the Government of the United Kingdom. He and two others, who were known as the Pentrich martyrs, were the last people to be beheaded by an axe (posthumously, after being hanged) in an execution in Britain.[1]

      3. sunman42

        No, but they do repeatedly let “Asperger’s” claims serve as rather dubious get-out-of-extradition-free cards. Assange? Seriously?

      4. rob

        And that’s why the UK is at best a weak sister second-rate power to the USA, barely able to take on Argentina in the Falklands. Is it better to be loved or feared? To be loved is nice, but fear lasts longer.

    2. This dude is psycho ^

      Fascists are out today I see. Capital punishment for theft is insane.

  6. Hate Scammers

    Brian….can you zap hhjv’s ( Aug 26) comment? It’s a scam/ commercial post. NOTHING to to do with the topic at hand. Thanks.

  7. Anna Sörenson

    This is so petty. Why would anyone spend years and thousands of dollars to potentially ruin the life of some kids over 16 cybertokens? They clearly weren’t even old enough to fully comprehend what they were doing since they hosted incriminating code on their personal github.

    1. Bob

      Piss off. Anna, use your brain. At 16, people know better. These suspects need to do a lengthy sentence.

    2. Anna Isretarded

      Because those cybertokens are worth 750k today, you nonce.

    3. AnnaIsAMoron

      What are you blatheting on about? Those cybertokens are someone’s hard-earned cash worth $1 million in today’s value. If you get robbed of 1M USD and try to find the thieves and bring them to justice, that’s just the law working as intended. Those kids are criminals and don’t deserve a happy life until they pay their dues to society.

    4. Michal Niebauer

      Do you not understand the value of those 16 coins? Why would you NOT try to retrieve hundreds of thousands back and punish someone who has evidently done this several times? Also, the perpetrator knew what he was doing, he was just bad at it.

    5. Bruce

      I’d have some sympathy to that point had they responded to the initial letter and returned the bitcoins.

    6. John

      How in the world is this petty? Not only did these kids steal OVER $100,000 from this guy, but its pretty evident that they’re doing it to more than just one person given the method they used to infect his PC. There’s absolutely nothing petty about going after literally cybercriminals who are literally stealing people’s money en masse.

  8. Dudesky

    annnndddddd…. he likely didn’t know they were kids when he started investigating! Plus, he gave them a chance to pay up BECAUSE they were kids once he found out and literally said in the letter he didn’t want to ruin they’re lives because they seemed like they had promising futures (Anna didn’t read the article sufficiently – or maybe she’s one of the kid’s moms)

    Doesn’t seem petty at all to me.

  9. Pete

    He gave them a chance, a way out which was an extremely valiant thing to do for someone who stole that much money from him. With all the evidence the children and parents are stupid not to accept it (they probably stole from others too so would still have plenty). They chose to ignore it so go all out on them, including the parents and see how they enjoy some hard time, no uni degree and no employment due to a criminal record….

  10. Mahmoud M. Nahawandi


    but isn’t the investigation task the responsibility of the government? No matter what the crime is, there is one pillar on which every democracy is based in place already, which is supposed to carry out the investigation, the executive including police forces, to bring the case into court and hand it over to the next pillar, justice.
    It is an embarrassment for every nation even to ask citizens to carry out this duty and a clear sign of the failure of democracy, when this can be just accepted at all!
    And when there is no valid legislation existing already, that is the job for the third pillar, the legislative, to implement the necessary laws to protect their employers, the citizens, period.

    What’s next, hiring private detectives for burglars, traffic offenses, how can any government even ask for taxes, when they are not providing something useful in return?

  11. Mahhn

    The punks are thieves, and so are their parents. Just bad people (yes there is such a thing). Let them each rot in jail for 20-40 years.

  12. Phil

    There’s been no conviction and no case made so far according to the article. The parents have no duty to reply and likely thought it was nonsense. Likewise private investigations carry far less weight in the UK. Good luck to the guy getting this back but I can’t see it happening, likewise I suspect he’ll get no where in the UK without a UK based conviction being in place for this first.

  13. Morty

    If their sons are juvenile criminals, can you imagine what the parents are like?

  14. Kent Brockman

    That’s a risk of holding crypto-currency, nobody to make you whole in the event of fraud, unless you are very fortunate with the legal system. I feel for the guy but he should have done more due diligence.

  15. Naman

    I think people who use the word Draconian should be flogged. Please use the proper term for “State sponsored murder” in the future… it’s called Justice!

      1. Gregory-lite

        How about you calm down and get a life Gregory?

  16. A. Bosch

    Please remind me, crypto currency is a solution to what problem?

  17. mark

    Well, gee, if the parents are not disputing that their kids did it, then doesn’t that making them accomplices in theft and computer crime?

    1. Alan K

      Nope. There is no requirement to even acknowledge anything that comes in the mail.
      Getting a private investigator and sending a personal letter is a very nice thing to do. Assuming you are 100% on the correct name and address. But he made it easy for them to ignore.

      It carries no legal weight or authority of law. The family could have simply thrown out unsolicited mail, as they are under no obligation to open and read correspondence of strangers.

      “not disputing” is never an admission of guilt.

      1. Kiran

        DId you read the article? The kid’s mother volunteered to the court that she had received the letter (she even provided a copy) and that the UK authorities had questioned her son, so the parents clearly knew.

  18. Gentry

    The UK commonly shields it’s citizens from any criminal consequences for computer crimes committed against Americans. I don’t expect the outcome to be any different here no matter how guilty they are.

    1. JamminJ

      Not the UK. Russia, China and other Eastern European countries definitely. But there are LOTs of examples of criminal prosecutions and extraditions from the UK to the US for computer crime.
      The issue here… is that the victim did NOT press criminal charges, as he didn’t want to “ruin the kids life”.

  19. seenz deonna

    I wanted to monitor my partner’s whatsapp remotely he was in different city so i cannot touch his phone, I wanted someone who can perform the work remotely and give me access to his cellphone. REMOTEMOBILEACCESSCom was a perfect solution, they dont charge you anything in advance they fully explain you how they can do it, you can check their website for more details REMOTEMOBILEACCESSCOM

  20. Gregory the poser

    “Gregory” wants to be “other-Anon” so badly! What a loser.

  21. Sam Davis

    It would be great if there were some publicity about where these thieves are taking courses. A legitimate school wouldn’t want this type of student, although there might be a UK version of ITT Tech.

  22. yuki

    Thats why better using Binance because Binance will obey law and help thef victim, not like any other exchange that doesnt care if their customer money get stolen.

  23. johann

    TBF, if I received the message that he sent to the parents, I’d dismiss it as a scam.

  24. JC

    Did the kids pay taxes on the money they stole? The tax bill and penalties could be sustantial.

    1. JamminJ

      How would it be taxed? It’s a transfer, not income and not capital gains on investment.

  25. Javin Rios

    Oliver and Debug done the job init crazy how they chillin now big boss stackin on the com.

  26. a rational person

    not reading all the comments, but this not robbery, robbery is taking property from the person of another by force or fear. This is theft.

  27. Null

    Interesting decision, I can see how some individuals might consider kidnap, torture, recovery of funds, and execution as a reasonable solution

    1. sunman42

      I believe those are called “gangsters” in most countries.

Comments are closed.