UK police investigate $2.8 million police impersonation Bitcoin scam

North Wales Police have started investigations into a $2.8 million Bitcoin social engineering scam, where scammers impersonated a senior UK law-enforcement officer.

According to a Facebook statement released by the NWP Cybercrime agency on Thursday, the fraudster convinced the victim to reveal their crypto wallet’s seed phrase by claiming to be working on a criminal case. 

“We believe these individuals may have been identified through a data breach. This is a highly targeted and advanced scam,” the authorities wrote.

The perpetrator exploited the victim’s fear and urgency, police said, pushing them to enter their recovery phrase on a spoof website. The attackers then withdrew the equivalent of 2.1 million British pounds from the wallet within minutes.

Bitcoin wallet seed phrase phished to steal funds

The seed phrase, a string of 12 to 24 words, is the master key to a crypto wallet that allows anyone with access to control the wallet’s funds however they want.

North Wales Police said the criminals preyed on the victim’s trust in authority by insisting that their personal documents were compromised, urging them to “secure” their assets using a provided link. The phishing site tricked the victim into entering their wallet seed phrase.

“This was a highly sophisticated scheme,” a police spokesperson said. “Once the seed phrase was shared, the funds were stolen almost instantly.”

In a statement, North Wales Police told crypto holders to verify genuine law enforcement contacts.

“Police will NEVER call you unexpectedly to discuss your crypto assets or ask you to take action on your cold storage device. This is a big red flag,” officials said.

The force recommended that anyone receiving suspicious calls should hang up and contact the police directly to confirm if the communication came from official channels. Importantly, authorities said officers would never request a person’s seed phrase under any circumstances.

“Scammers are constantly evolving their tactics,” North Wales Police added. “They are crafting sophisticated social engineering schemes to trick even the most diligent holders.

According to Blockchain security firm TRM Labs report cited by Cryptopolitan, thefts involving private keys and seed phrases accounted for around 80% of stolen cryptocurrency funds in the first half of 2025. 

Analysts said that while technical vulnerabilities in exchanges and protocols continue to exist, hackers are preferably targeting individual investors because of the irreversible nature of crypto transfers.

Scattered Spider member sentenced in the US

In a separate case of crypto-related crime, a member of the notorious hacking collective known as Scattered Spider was sentenced in the United States on Wednesday.

Noah Michael Urban a/k/a King Bob, has been sentenced to 10 years in Federal Prison for his crimes and involvement with the Scattered Spider group. He has also been subject to pay $13,000,000 in restitution. pic.twitter.com/eTB6p6npGE

— vxdb (@vxdb) August 20, 2025

US District Judge Harvey Schlesinger handed down a ten-year prison sentence to Noah Urban, 20, in a Jacksonville, Florida courtroom. Urban pleaded guilty earlier this year to charges of wire fraud and aggravated identity theft.

Prosecutors said Urban was involved in cyberattacks that targeted 29 cryptocurrency investors and 13 companies. He was first arrested in central Florida in January 2024, when he was still 19 years old.

During the sentencing hearing, the court heard statements from several victims that included a retired firefighter who spoke of losing his retirement savings, while another said their IVF fertility funds had been stolen. 

“This was kind of like a game for them,” Urban’s lawyer, Kathryn Sheldon, told the court. “They were working together, conspiring together to get access to these systems.” 

According to cybersecurity researchers, Scattered Spider is a loose network of hackers, many of them young males based in the US, UK and Western Europe. The group gained notoriety for ransomware attacks in 2023 against Las Vegas casino operators Caesars Entertainment and MGM Resorts International.

KEY Difference Wire helps crypto brands break through and dominate headlines fast