August 25, 2021

In 2018, Andrew Schober was digitally mugged for approximately $1 million worth of bitcoin. After several years of working with investigators, Schober says he’s confident he has located two young men in the United Kingdom responsible for using a clever piece of digital clipboard-stealing malware to siphon his crypto holdings. Schober is now suing each of their parents in a civil case that seeks to extract what their children would not return voluntarily.

In a lawsuit filed in Colorado, Schober said the sudden disappearance of his funds in January 2018 prompted him to spend more than $10,000 hiring experts in the field of tracing cryptocurrency transactions. After months of sleuthing, his investigators identified the likely culprits: Two young men in Britain who were both minors at the time of the crime (both are currently studying computer science at U.K. universities).

A forensic investigation of Schober’s computer found he’d inadvertently downloaded malicious software after clicking a link posted on Reddit for a purported cryptocurrency wallet application called “Electrum Atom.” Investigators determined that the malware was bundled with the benign program, and was designed to lie in wait for users to copy a cryptocurrency address to their computer’s temporary clipboard.

When Schober went to move approximately 16.4 bitcoins from one account to another — by pasting the lengthy payment address he’d just copied — the malware replaced his bitcoin payment address with a different address controlled by the young men.

Schober’s lawsuit lays out how his investigators traced the stolen funds through cryptocurrency exchanges and on to the two youths in the United Kingdom. In addition, they found one of the defendants — just hours after Schober’s bitcoin was stolen — had posted a message to GitHub asking for help accessing the private key corresponding to the public key of the bitcoin address used by the clipboard-stealing malware.

Investigators found the other defendant had the malware code that was bundled with the Electrum Atom application in his Github code library.

Initially, Schober hoped that the parents of the thieving teens would listen to reason, and simply return the money. So he wrote a letter to the parents of both boys:

“It seems your son has been using malware to steal money from people online,” reads the opening paragraph of the letter Schober emailed to the families. “Losing that money has been financially and emotionally devastating. He might have thought he was playing a harmless joke, but it has had serious consequences for my life.”

A portion of the letter than Schober sent to two of the defendants in 2018, after investigators determined their sons were responsible for stealing nearly $1 million in cryptocurrency from Schober.

Met with continued silence from the parents for many months, Schober filed suit against the kids and their parents in a Colorado court. A copy of the May 2021 complaint is here (PDF).

Now they are responding. One of the defendants —Hazel D. Wells — just filed a motion with the court to represent herself and her son in lieu of hiring an attorney. In a filing on Aug. 9, Wells helpfully included the letter in the screenshot above, and volunteered that her son had been questioned by U.K. authorities in connection with the bitcoin theft.

Neither of the defendants’ families are disputing the basic claim that their kids stole from Mr. Schober. Rather, they’re asserting that time has run out on Schober’s legal ability to claim a cause of action against them.

“Plaintiff alleges two common law causes of action (conversion and trespass to chattel), for which a three-year statute of limitations applies,” an attorney for the defendants argued in a filing on Aug. 6 (PDF). “Plaintiff further alleges a federal statutory cause of action, for which a two-year statute of limitations applies. Because plaintiff did not file his lawsuit until May 21, 2021, three years and five months after his injury, his claims should be dismissed.”

Schober’s attorneys argue (PDF) that “the statute of limitations begins to run when the Plaintiff knows or has reason to know of the existence and cause of the injury which is the base of his action,” and that inherent in this concept is the discovery rule, namely: That the statute of limitations does not begin to run until the plaintiff knows or has reason to know of both the existence and cause of his injury.

The plaintiffs point out that Schober’s investigators didn’t pinpoint one of the young men’s involvement until more than a year after they’d identified his co-conspirator, saying Schober notified the second boy’s parents in December 2019.

None of the parties to this lawsuit responded to requests for comment.

Image: Complaint, Schober v. Thompson, et. al.

Mark Rasch, a former prosecutor with the U.S. Justice Department, said the plaintiff is claiming the parents are liable because he gave them notice of a crime committed by their kids and they failed to respond.

“A lot of these crimes are being committed by juveniles, and we don’t have a good juvenile justice system that’s well designed to both civilly and criminally go after kids,” Rasch said.

Rasch said he’s currently an attorney in a number of lawsuits involving young men who’ve been accused of stealing and laundering millions of dollars of cryptocurrency — specifically crimes involving SIM swapping — where the fraudsters trick or bribe an employee at a mobile phone store into transferring control of a target’s phone number to a device they control.

In those cases, the plaintiffs have sought to extract compensation for their losses from the mobile phone companies — but so far those lawsuits have largely failed to yield results and are often pushed into arbitration.

Rasch said it makes sense that some victims of cryptocurrency theft are spending some serious coin to track down their assailants and sue them civilly. But he said the legwork needed to make that case is tremendous and costly, and there’s no guarantee those investments will pay off down the road.

“These crimes can be monumentally difficult and expensive to track down,” he said. “It’s designed to be difficult to do, but it’s also not designed to be impossible to do.”

As evidenced by this week’s CNBC story on a marked rise in reports of people having their Coinbase accounts emptied by fraudsters, many people investing in cryptocurrencies find out the hard way that unlike traditional banking transactions — cryptocurrency funds lost to theft are likely to stay lost because the transactions are irreversible.

Traditionally, the major crypto exchanges have said they’re not responsible for lost or stolen funds. But perhaps in response to the CNBC story, Coinbase said it was introducing a new pilot “guarantee” for U.K. customers only, wherein they will be eligible for a reimbursement of up £150,000 if someone gains unauthorized access to their account and steals funds.

However, it seems unlikely Coinbase’s new guarantee would cover cases like Schober’s — even if he’d been a U.K. customer and the theft occurred today. One of the caveats that is not covered in the guarantee is sending funds to the wrong address by accident.


164 thoughts on “Man Robbed of 16 Bitcoin Sues Young Thieves’ Parents

  1. Ihateyou

    Cowards hiding behind pseudonyms, irony would be this happening to those people who fail to support accountability for peoples actions. Maybe criminals will see your weakness and take advantage, that way when you want justice you can come here and be a sandbag.

    Reply
    1. name randomizer iZ9k$dj2*e!

      Accountability is quite rare and doesn’t require you “sound off” in support of the idea.
      So rare it doesn’t care what any of us think.

      Reply
    2. Robyn Marx

      to begin with, I don’t waste money on imaginary “bitcoin” funds, I invest in actual, tangible, items…

      Reply
      1. Marc

        I always think about the Dutch speculating on Tulips when I see someone schilling bitcoin investments. It is not backed by anything and the minute someone hacks the blockchain, game over. No thank you.

        Reply
    3. Jo Worthy

      If someone can steal that much digital money… all it shows is that it can be done and your digital money is simply not secure. Here we are just talking about 16 bitcoins that have close to a million dollars in value? Does anyone else see just how idiotically priced “not a damn thing backing their BS value” is nothing but a bite away to just disappear? I mean, you kinda can feel legitimate currencies in your hand… it feels real, and I can go and use it everywhere. Try that with your imaginary digital currency.

      I really can’t help but laugh when I think about just what base it was all of you are throwing real money at and yet not realize just how consumer dependent a wildly fluctuating BS currency is … that has
      nothing to back it up… Nope, no countries basic economy… and hey one decent EMP blast, and you can kiss it all goodbye

      Reply
      1. Goro d'oro

        “I mean, you kinda can feel legitimate currencies in your hand… it feels real, and I can go and use it everywhere. Try that with your imaginary digital currency.”

        Printed paper + Eurion dots feels “legitimate” to you as something of intrinsic value?
        Perhaps you’re just rationalizing confirmation bias as a legitimate feeling? No?
        Try putting a Krugerand in a coke machine. Try using pennies next. Morgans. Francs.
        Legitimacy is subjective, local use cases are everything. Currency is a means to an end.
        The currency of the future is clean breathable air and potable water. Feel it in your hand.

        Reply
      2. Mythcantor

        So, you are against the use of banks, credit cards, debit cards, and cash as well? Only tangible objects like goats, sheep, silver, and gold? Just because something isn’t widely accepted (though it is at some physical places) doesn’t have anything to do with whether it has real value.

        Also, you seem incredulous that 1 million dollars of bitcoin were stolen so easily. U.S. consumers lost. See the Bangladesh Bank robbery. 1 _billion_ stolen there with a handful of fraudulent commands and it wasn’t in bitcoin.

        Reply
      3. Marc

        I always think about the Dutch speculating on Tulips when I see someone schilling bitcoin investments. It is not backed by anything and the minute someone hacks the blockchain, game over. No thank you.

        Reply
  2. ReadandShare

    Statute of limitations? Once I ascertained that the complaint was genuine, I would MAKE my 16 year old return the stolen bitcoins – just as I would if he had shoplifted!

    Reply
    1. Seattle

      Amen! Geez… kids acting like adults, smarter than thier parents. Even have them wrapped around Thier finger. What did they learn? To be more malicious and untraceable.

      Reply
    2. Marc

      Tells you alot about the parents character when they try to hide behind an expired statute, especially since this guy has been paying investigators for a year to trace the event. Apples don’t appear to have landed far from the tree in these families. My son would never attempt this. I hope this genleman gets restitution regatdless of what the source of the coins was originally.

      Reply
  3. Common sense440

    While I detest imaginary money and everything to do with it, the comment by the person writing this piece is infantile regarding the accidental transfer of anything. If a person transfers anything, a picture, a text message or even imaginary money with no outside influence, that is on them and they are at fault, however if another person deliberately infiltrates and gives another location for a transfer, then that is theft.

    Also, the word accident should be removed from any article regarding Humans. Accident implies no Human was at fault.

    Reply
    1. alex

      Agreed. Malware siphoning anything, not just BTC, is not an accident. It is malicious and should be prosecuted as theft. But laws in different countries have different weights a civil judgements may be the only course of recourse.

      Reply
  4. PoshKnot

    Why do this through the legal system? Their identities are known, and there are plenty of cheap “decentralized services” available in the UK for retrieving lost or stolen items.

    Reply
  5. Arezzo

    I’ll bet if a few prominent cyber fraudsters were whacked in a spectacularly messy way there would be a lot less of this. There are a lot of out of work Columbian special forces available, or more upmarket, former Mossad.

    Reply
      1. RealityBites

        Delivering personal accountability prompts change. The more accountability the more change.

        Reply
        1. disproportionate

          That’s not accountability though. That’s blind vengeance.
          Accountability would be pressing criminal charges. Turning to the criminal underground to escalate from theft to murder, is not accountability. It’s stupid.

          It’s royally ignorant to answer one crime, by committing a far worse crime.
          Anyone who would think this is a good idea, loses all sympathy as a victim, and should deserve to have their money taken from them. It probably wouldn’t have been legally earned anyway.

          Reply
    1. Nikolai

      Yah for 5000 pounds plenty of folks get that back. This fool needs some advice.

      Reply
    2. JamminJ

      Lots of scammers out there want to make it seem that the victim can just hire someone to “get the money back”.
      That’s not really how it works.

      What really happens, is the victim is yet again victimized due to his desperation. Anyone claiming they can threaten or extort the hackers or their families to “recover” the money, is scamming the victim.

      There are tons of “for hire” ads on the dark web. Noobs don’t know, but they are ALL scams.

      Reply
      1. shoregai

        Sure, you’ve investigated all of them or even a sig fraction to say so. /s

        Reply
        1. Marc

          Same way you can figure out that anyone claiming to be a Nigerian Prince is scamming you. You don’t need a big sample size to figure out that all those offers of “Bitcoin recovery”, are just another scam.

          Reply
      2. mealy

        Sure, you’ve investigated all of them or even a sig fraction to say so. /s

        Reply
        1. JamminJregory

          Sure, you’ve investigated all of them or even a sig fraction to say so. /s

          Reply
        2. Gregory

          Sure, you’ve investigated all of them or even a sig fraction to say so. /s

          Reply
          1. Readership1 (previously just Reader)

            “I don’t give a wall of zeros about a random monicker, have at it.”
            Seems like you do.
            Whoever this Gregory is, he’s a troll and he just baited you into responding. Stop feeding the troll. If you really don’t care about a random moniker, why are you so eager to keep it for yourself.
            This Gregory troll obviously figured out that you often argue with JamminJ, and is using your random moniker replies to bait you.
            It does not appear that JamminJ is Gregory though, very different styles. Gregory is a troll who doesn’t have any knowledge about the topics and JamminJ is a know-it-all who can’t help but opine constantly.
            You should stop responding to both. Otherwise, you become a troll too.

            Reply
          2. Marc

            Same way you can figure out that anyone claiming to be a Nigerian Prince is scamming you. You don’t need a big sample size to figure out that all those offers of “Bitcoin recovery”, are just another scam.

            Reply
          3. Marc

            Same way you can figure out that anyone claiming to be a Nigerian Prince is scamming you. You don’t need a big sample size to figure out that all those offers of “Bitcoin recovery”, are just another scam.

            Reply
        3. Readership1 (previously just Reader)

          It’s not too difficult to see what’s going on. Two trolls using each other’s name. Mealy posting as Gregory and Gregory posting as Mealy. Both sometimes using random names to pretend to be neutral third parties.

          Reply
          1. JamminJ

            The funny thing is, I haven’t willingly responded to either in weeks. So the fact that he occasionally projects his behavior onto me, and accuses me of being Gregory, is slightly amusing. I don’t encourage Gregory’s trolling with a response either.

            Mealy’s style is usually pretty easy to spot once you get used to it. Short argumentative comment, without any real substance. Basically just a contrarian who doesn’t actually present a counter argument. And both of their constantly changing usernames are a giveaway.

            Reply
  6. Tomas

    recovery is the job for expert and not every individual or organization are expert. take advice from someone who has been through the process. from my experience as a victim who was able to recover is money back i suggest you contact werecoverfundslmt website for help. No upfront so you don’ need to worry

    Reply
    1. Thomas

      There is no recovery. There are only scammers.
      Scammers love to scam people who are already been victimized. Easy marks in most cases.

      Reply
  7. sshort

    There is a sign one County over that says “any job no questions $150”
    – with a local phone number – want to call the number and see if the offer is still valid

    Reply
  8. Pavel

    Lots of scammers out there want to make it seem that the victim can just hire someone to “get the money back”.
    That’s not really how it works.

    What really happens, is the victim is yet again victimized due to his desperation. Anyone claiming they can threaten or extort the hackers or their families to “recover” the money, is scamming the victim.

    There are tons of “for hire” ads on the dark web. Noobs don’t know, but they’re all scams.

    Reply
  9. 2day

    The parents are just as scummy as the kids – should we be surprised.

    Parents: yes, we understand he stole from you but you ran out of time to charge him

    Reply
    1. Nora McLeod

      You hit the nail on the head there! I would only add that the apple does not fall far from the tree….

      Reply
  10. cvgmob

    Little scumbags are studying computer science or whatever on someone elses dime clearly. Hope their college gets wind of this and gives them the boot until they return what doesn’t belong to them. Parents should be ashamed of themselves. I hope they get taken to town in court, but its trans-national so I’m betting the UK doesn’t do anything about it.

    Reply
  11. Nelda A Dickerson

    In this case the victim of Muhstik Ransomware attack who pay the hacker for releasing his data went right at the hackers by hacking them back. Although they release 3,000 decryption keys along with the dycreptor tool so other affected victim of the ransomware attack would get their files back. Mostly attackers targeted publicly expose QNAP Network Attached Storage (NAS) devices and encrypted files within them. After the where hacked the attackers demand 0.09 bitcoins or approximately 700 USD to decrypt the files. Tobias Fromel the German programmer was one of the victims of the attack and he paid up to EUROS 670 to gain his files back. Fromel found out the entire incident demeaning and insulting and decided to get back to the hacker and of course hack the attacker command and control server. He then used the same web shell to create a PHP files base on the key generator. While he keeps digging deeper, he found out decryption keys for 2,858 Muhstick victim store in the date base of the attacker.
    Even though what Fromel did may earn accolades on the moral front it may not be completely legal. He urges his readers to know he’s not that bad guy. This news came as a blow to the online caliphate.

    Reply
  12. JudgeMental

    What a gentleman! I can’t imagine such reckless parents who have no morality nor have taught it to their kids. Alas! we live in times when such values find no place. Karma comes back if not today, tomorrow. Am sure they won’t be able to enjoy those stolen bitcoins and they will pay for it.

    Reply
  13. JamminJ

    Something is still fishy!
    I’m not convinced that the so-called victim is really being altruistic by not pressing criminal charges.

    Criminal charges would be the fastest and surest way to recover the money.
    But this guy refused FOR YEARS to press charges, hired his own investigator, and seems to be trying very hard to keep any law enforcement out of this.
    Why?

    Reply
    1. JamminJ

      Maybe (speculation), could it be, because he didn’t make all that Bitcoin legally?

      Reply
      1. xter

        Maybe (speculation) it’s simplistic to guess that (or at all) given all possibilities.
        Maybe you do that too much.

        Reply
    2. Elyse

      An individual cannot “press charges”, that’s the job of prosecutors aided by police investigations. If you read the court docs, that is happening, the criminal case is pending.

      Reply
      1. Saul

        I read the 4 linked court documents. No criminal case is pending.
        It seems you are thinking of the word “prosecute” rather than “press”.

        If a crime is committed, the victim is often the one who initiates, or “presses for charges”. Yes, the district attorney are the plaintiffs and prosecutors, and obviously need to agree that a criminal law has been broken before they prosecute.

        But many crimes never get prosecuted because victims refuse to press charges.
        You see this a lot with domestic abuse. It’s also common when there is intimidation or embarrassment involved. And occasionally you see victims refusing to press charges when they believe they might also be culpable in a crime.

        I read the 4 linked court documents. No criminal case is pending. One of the defendants admitted that police in the UK asked them questions. But nothing to indicate charges will be filed. It’s been 3 years, and it’s up to the victim to “press” for charges to be filed. Seems like he still has not done that.

        3 years ago, in his letter, he wrote, “without involving law enforcement”. 3 years later, he still has not involved law enforcement. He spent over $10,000. He is very serious about getting that money back, but still not wanting to press for criminal charges.

        Reply
  14. Robyn Marx

    Oh dear, someone was robbed of his virtual (read non-existent/imaginary) money and wants to sue someone who’s child may or may not have stolen this non-existent currency….

    Reply
  15. Bill Zuber

    They need to have their thumbs amputated. That should slow down their typing and make them think twice before doing it again.

    Reply
  16. Dean

    I would guess that neither youth has ever read “The Monkey’s Paw” or “The God Father” and so has no idea exactly how badly a scheme can go if the opposing party decides to abandon all rules. Sitting behind a smug reading of statutes of limitations after having stolen over $1 million is not exactly a safe and comfortable plan, I think. Let’s ask the press to follow this up so we can see if that happy thieving family ends up as a greasy spot on a truck bumper.

    Reply
    1. victim is a criminal too

      Anyone who would resort to murder as an answer to theft, is a criminal. They lose any sympathy and deserve to have there money taken from them.

      Reply
        1. Saul

          I have represented victims in court. And a few victims who then proceed to break the law and become criminals themselves. Yeah, the jury loses sympathy for any victim who then commits a crime.
          Being a victim doesn’t give anyone the right to break the law.

          Reply
  17. sonya nutter

    My opinion: how do the parents verify their child having bitcoins? where did they get the revenues to buy them? Where these teens gainfully employed to the tune of purchasing bitcoins at a thousand dollars apiece….

    Reply
  18. JamminJ

    Parents probably can’t even confirm they have any Bitcoin. It’s not like they can look under a mattress for a digital wallet. There is no indication that the kids were spending lots of money.

    Why are we taking the word of some guy who hired private investigators instead of going to the cops? Why don’t we ask where he got all his Bitcoin in the first place? If he made his money illegally, that could explain why he has been trying to keep law enforcement out of this for so long.

    Reply
    1. Priscilla A Wagner

      Most law enforcement entities aren’t equipped nor knowledgeable enough to do this kind of investigation. Until they are, ppl will have to resort to private investigators.

      Reply
      1. JamminJ

        What? No.
        Law Enforcement is way more qualified than private investigators. They do act slower though.
        The FBI cyber crime division is going to dance circles around any private eye.

        This guy probably went to a private investigator, because they didn’t want the FBI finding everything. The biggest difference between a PI and the FBI, is you can tell a PI where to stop investigating. There is a reason this guy wanted to avoid getting the FBI involved.

        Reply
          1. JregoryJ

            Sure, you’ve investigated all of them or even a sig fraction to say so. /s

            Reply
            1. Marc

              Same way you can figure out that anyone claiming to be a Nigerian Prince is scamming you. You don’t need a big sample size to figure out that all those offers of “Bitcoin recovery”, are just another scam.

              Reply
  19. Dave Corn

    If they are still in college this would most likely be a violation of whatever code of conduct or ethical policies they have in place for students

    Reply
    1. JamminJ

      If it were proven in court with an official judgement, yes.
      If all there is, is a civil complaint, then the college probably cannot do anything. If the college were to punish them based on some guy’s allegations, and nothing more, then the college would likely be sued.

      Reply
  20. ShouldKnowBetter2021

    The United Kingdom has no statute of limitations for any criminal offence. The Computer Misuse Act of 1990 applies here, with a penalty of 2 years imprisonment. This civil suit is a way for these criminals to make right. If they don’t, they should expect some to spend some time in the London Dungeons.

    Reply
    1. Saul Goodman

      Wrong jurisdiction.
      The jurisdiction lies within the country of the victim or where the crime is committed.
      So US law applies.

      Also, the defendants are only claiming statutes of limitations for civil action, not criminal. No criminal charges have been pressed in the US or the UK.

      And it seems very unlikely that after 3 years, the victim is going to press criminal charges. As pointed out previously, it appears that he does not want criminal investigators to investigate. This happens often when someone is already breaking the law when they get their bitcoins stolen by another criminal, they don’t press criminal charges.

      Reply
      1. Elyse

        Citizens cannot “press criminal charges”. You’ve seen too many movies. That’s the decision of prosecutors. In this case, it is likely the police are or have been investigating, and criminal charges may be filed at some point based on the information and evidence already found and disclosed in the complaint.

        Reply
        1. Saul

          It seems you are thinking of the word “prosecute” rather than “press”.

          If a crime is committed, the victim is often the one who initiates, or presses for charges. Yes, the district attorney are the plaintiffs and prosecutors of whatever jurisdiction, and obviously need to agree that a criminal law has been broken before they prosecute.

          But many crimes never get prosecuted because victims refuse to press charges.
          You see this a lot with domestic abuse. It’s also common when there is intimidatiion or embarrassment involved. And occasionally you see victims refusing to press charges when they believe they might also be culpable in a crime.

          Reply
  21. Carlos Olaaka

    Unfortunately, we live in a fallen world where many a not interested in how bad they may hurt others by taking what does not belong to them. And with thieves such as hackers, robbers, grifters, conmen are all the same.

    Reply
  22. bullocks indeed

    a digital bag of poo (cryptos) is the same thing as a real bag if poop.. question is are you dumb enough to hold it in the end or to buy it?
    smart contracts can be hacked (facts) read the white papers. dont trust the low paid cellular workers they will transfer your phone for a quick buttcoin profit if they find out you have buttcoin.

    do you really think he ccp or usa gov is going to allow profits without getting their share.. if u believe that.. i have a bridge and planet to sell u…lol

    Reply
  23. Marista

    I was also a victim of these tinder forex scams. The beautiful girls on the app get matched with you and start communicating with you till you gain their trust. Boom they start showing you some expensive lifestyle and convince you to invest. I, unfortunately, fell for this scam. It was hard for me and I had to open up to friends who referred me to Fightingscams on aol mail. I wrote to them and my case was resolved. Stay away from online dating apps as there are a lot of scams going on now.

    Reply
    1. should of listened to your mom

      more like they showed you their woohaas and bongos, then your little head takes over or your ego or lack there of brain and boom. You got pawned.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *