A student from Oxford was sentenced to four and a half years in prison for defrauding cryptocurrency investors out of more than £2 million.
Wybo Wiersma, a PhD student from Goredijk in the Netherlands, created the website iotaseed.io while enrolled in the Internet Institute at St. Cross College. Users believed that the website’s 81-character “seeds” created were random strings of characters. Iota is a type of cryptocurrency that requires seeds to operate. Julian Christopher KC testified in court that “Anyone who knows the seed can access, and so can transfer and trade the Iota crypto.”
Users were led to believe that the seeds generated by Wiersma’s website were completely random. However, they were predetermined due to the malicious code that was fixed on the website. Thus, Wiersma had access to all of them. Wiersma could steal money by transferring it into his own accounts because only those who possess the seed can transfer Iota. On January 19, 2018, he converted them into Bitcoin and a different cryptocurrency called Monero using the cryptocurrency exchange website Bitfinex.
As soon as Bitfinex noticed unusual activity on the accounts, it froze them and insisted on identification. Wiersma gave them images of two passports that were fake. One passport, purportedly from Belgium, clearly showed an incorrect nation map. The second photo, which purported to show a man named “Jason” holding an Australian passport, was also found to be a forgery.
Wiersma switched to another cryptocurrency exchange called Binance and opened five more accounts because the accounts on Bitfinex were still frozen. These were also swiftly frozen, and he offered another image of a man with a fake British passport to be used as identification.
By 2018, several users of the iotaseed.io website had reported their stolen funds to German police, who could link the theft to the UK and then forwarded the case to the cybercrime unit of the South East Regional Organized Crime Unit. When it became clear that only Wiersma had used the same virtual private network to access his own Bitfinex account, they could link the crime to him, pointing authorities to the other four accounts that had been the receiver of stolen money.
Following that, British police searched his Oxford home in January 2019—by then, he had stopped attending St Cross for his PhD programme. They discovered his desktop computer was open and could observe his movements. Wiersma asserted that his computer had been hacked in interviews. He responded “no comment” when asked about the malicious iotaseed.io website and was later let go without being charged so that he could travel back to the Netherlands.
However, detectives persisted in their inquiry and discovered that Wiersma’s college coursework also contained references to the pseudonym Norbert van den Berg, which had been used to create the original malicious website. Additionally, they could link his virtual private network to a Bitcoin payment that had been made to set up the seed-generating website.
Wiesma was detained in the Netherlands on Christmas Eve 2020 despite prosecutors being unable to access another laptop, six hard drives, two USB sticks, and a memory card seized in the raid.
Wiesma entered a guilty plea in Oxford Crown Court on Friday afternoon (January 27), and Judge Michael Gledhill KC sentenced him to four and a half years in prison, saying, “You are an expert in IT and computer sciences… The truth is that you chose to take advantage of your abilities to steal. This is the height of dishonesty.