Security researcher Sam Curry found himself facing an unexpected ordeal upon returning to the United States. Border officials and federal agents seized and searched his electronic devices and served him with a ‘Grand Jury’ subpoena, demanding his court testimony.
The investigation was linked to Curry’s work looking into a crypto phishing scam: his IP address was found in the logs of a crypto wallet associated with the scam. Despite his background as a security researcher, he was subjected to intense scrutiny.
Curry’s situation unfolded at Dulles International Airport in Virginia, where he was directed to a secondary inspection area by officials from the IRS Criminal Investigation division and the U.S. Department of Homeland Security.
After questioning, Curry was asked to leave the room while his unlocked device was searched for another hour. He was given little information about his status in the case. Following this, Curry contacted a lawyer who learned that he was the target of the grand jury subpoena, all for what Curry describes as a “really silly reason.”
The investigation stemmed from Curry’s role in examining a crypto phishing website that had stolen millions of dollars. During that work, Curry had imported a private key into his MetaMask while on his home IP address, which led to his IP being subpoenaed by the authorities. Fortunately, Curry’s attorney was able to have the subpoena dismissed after confirming that all data from his device had been deleted.
Although Curry is an established web app security researcher, his case highlights the legal gray area surrounding ethical hacking and the need for awareness among defenders and ethical hackers.