FBI, have announced the unsealing of a four-count Indictment charging Soufiane Oulahyane, also known as “Soufiane Oulahya,” for his involvement in a scheme to impersonate the OpenSea marketplace. Oulahyane’s objective was to gain unauthorized access to cryptocurrency and non-fungible tokens (NFTs). The indictment alleges that Oulahyane successfully stole approximately $450,000 worth of cryptocurrency and NFTs from a victim in Manhattan in September 2021. Currently, Oulahyane is in custody in Morocco, facing charges related to domestic Moroccan offenses.
According to U.S. Attorney Damian Williams, Oulahyane utilized a common cybercrime technique known as “spoofing” to deceive victims and gain access to their cryptocurrency and NFTs. Spoofing, one of the oldest tricks in the criminal playbook, has now been adapted by Oulahyane to exploit the emerging crypto space. Williams emphasized that digital assets, including cryptocurrency and NFTs, are not immune to cyber fraudsters. He reassured the public that his office is dedicated to prosecuting these criminals both domestically and internationally.
FBI Acting Assistant Director in Charge Christie M. Curtis highlighted Oulahyane’s alleged operation of a spoof website, which allowed him to obtain unauthorized access to victims’ cryptocurrency wallets and steal their valuable assets. Curtis stressed that the FBI is committed to holding accountable all individuals who engage in malicious cyberattacks against U.S. interests, regardless of their location in the world.
The indictment, unsealed in Manhattan federal court, provides detailed insights into Oulahyane’s scheme. In September 2021, he engaged in a plan to spoof the login page of the OpenSea marketplace, the largest and most prominent platform for NFTs. By using paid advertisements on a popular search engine, Oulahyane ensured that his fraudulent version of OpenSea appeared as the top search result for the keyword “opensea.” Victims who clicked on this link were directed to Oulahyane’s spoofed website, which was deliberately designed to resemble the authentic OpenSea login page. This deceptive tactic aimed to trick unsuspecting victims into believing they were interacting with the legitimate marketplace. However, when victims entered their login credentials or other private information on the spoofed site, the information was automatically sent to an email account controlled by Oulahyane.
On September 26, 2021, a victim based in Manhattan (referred to as “Victim-1”) searched for “opensea” using a popular search engine. Unbeknownst to Victim-1, the search results directed them to Oulahyane’s spoofed version of the OpenSea login page. Victim-1, under the impression that it was the legitimate website, entered the seed phrase to their cryptocurrency wallet. Consequently, Victim-1 unknowingly provided Oulahyane with access to their cryptocurrency wallet.
Immediately after obtaining the seed phrase, Oulahyane used it to gain unauthorized access to Victim-1’s cryptocurrency wallet. He swiftly transferred the stolen cryptocurrency from Victim-1’s wallet to another wallet beyond their control. Additionally, Oulahyane sold approximately 39 of Victim-1’s NFTs on the OpenSea marketplace and transferred the fraudulent proceeds to a wallet outside Victim-1’s control. Notable among the stolen NFTs were pieces from the “Bored Ape Yacht Club,” “Meebit,” “Bored Ape Kennel Club,” and “CryptoDad” series.
The 25-year-old Moroccan national, Soufiane Oulahyane, faces multiple charges in connection with the scheme. These include wire fraud, which carries a maximum sentence of 20 years in prison; the use of an unauthorized access device, with a maximum sentence of 10 years in prison; affecting transactions with an access device to receive something of value equal to or greater than $1,000, which carries a maximum sentence of 15 years in prison; and aggravated identity theft, which mandates a consecutive sentence of two years in prison.
source – justice.gov