India charges Chirag Tomar and 7 others in $20M Coinbase spoofing scam

Chirag Tomar is having a rough couple of years. Already sitting in a US federal prison on a five-year sentence for wire fraud conspiracy, the 31-year-old now faces prosecution in India after the country’s Enforcement Directorate filed a formal complaint against him and seven co-defendants over an alleged $20 million Coinbase spoofing scheme.

The ED’s prosecution complaint, filed under India’s Prevention of Money Laundering Act (PMLA), targets Tomar, his brother Pankaj Tomar, and several associates, including an entity called M/s Tomar Group of Industries. The case represents one of the more aggressive cross-border enforcement actions against crypto phishing operations to date.

How the scam worked

The operation ran from June 2021 until Tomar’s arrest at the Atlanta airport on December 20, 2023. Tomar and his associates created counterfeit websites designed to look exactly like the legitimate Coinbase Pro trading platform. Victims who landed on these spoofed pages, including one using the domain coinbasepro.com, were tricked into entering their login credentials.

But harvesting passwords was only step one. The conspirators also employed social engineering tactics to extract victims’ two-factor authentication codes, the very security layer meant to prevent unauthorized access. Once they had both pieces, they essentially held the keys to the kingdom.