FBI Seizes $154 Million in Bitcoin Stolen from Sony by Rogue Employee

US law enforcement has taken legal action to seize and return over US$154 million embezzled from Sony Life Insurance Company Ltd by an employee in a textbook business email compromise (BEC) attack.

Rei Ishii, 32, a Tokyo-based employee of the Sony Corporation subsidiary, allegedly diverted the funds when Sony Life attempted to transfer them between its financial accounts.

Culprit Diverts Funds, Converts Them to Crypto

Ishii was alleged to have done this by falsifying transaction instructions, which caused the funds to be transferred to an account he controlled at a Californian bank. He later converted the stolen funds into more than 3879 bitcoins held in an offline cryptocurrency cold wallet.

In a crude attempt at blackmail, Ishii also tried to block his supervisor and several Sony Life executives from assisting in the investigation by emailing them a “ransom note” typed in English and Japanese:

If you accept the settlement, we will return the funds … [But] if you [file] criminal charges, it will be impossible to recover [them]. We might go down [for] this, but … you [will] be right there next to us. We strongly recommend to stop communicate (sic) with any third parties, including law enforcement.

Ransom note from Rei Ishii, accused embezzler and former employee of Sony Life Insurance Co Ltd

Earlier this month, following a joint investigation by the FBI and Japanese authorities, the 3879 bitcoins (worth more than US$150 million at the time) in Ishii’s cold wallet were seized after the FBI obtained the private key and transferred the ill-gotten crypto to its own bitcoin wallet.

Tokyo’s Metropolitan Police Department arrested Ishii on the same day and criminally charged him on suspicion of obtaining US$154 million dollars via fraudulent money transfers.

In a statement, Acting US Attorney Randy Grossman said:

This case is an example of amazing work by FBI agents and Japanese law enforcement, who teamed up to track this virtual cash. Criminals take note: You cannot rely on cryptocurrency to hide your ill-gotten gains from law enforcement.

Acting US Attorney Randy Grossman

Echoes of the REvil Ransomware Case

The case echoes charges filed by the US Department of Justice last month against a REvil ransomware affiliate responsible for the July attack against the Kaseya MSP platform. This case had ripple effects as far as Australia, with more than US$6 million seized from another REvil partner.