Police said those targeted may have been identified through a data breach “making this a highly targeted and advanced scam”.
It involved the victim being told a fabricated story that police had arrested an individual whose phone contained the victim’s personal identification documents.
Exploiting “fear” and “urgency”, they urged the victim to “secure their assets” by logging in via a fake website link – believing it was legitimate, the victim entered their password.
This gave the apparent perpetrators access to rebuild the victim’s wallet and steal £2.1 million within a “matter of moments”.
The force said it was working to trace the funds but warned the case “serves as a reminder that scammers are constantly evolving their tactics”.
It also issued several pieces of advice:
-
Police will never call you unexpectedly about your crypto or ask you to use your cold storage device – this is a big red flag.
-
If unsure, hang up and call 101 to check if the contact was real.
-
Never share or enter your password anywhere except directly on your cold storage device during setup or recovery.
-
No legitimate company or police officer will ever ask for your seed phrase.