95% of Tracked Ransoms Were Cashed Out via BTC-e, a Digital Currency Exchange The Accused Alexander Vinnik Operated
The United States Department of Justice this week indicted a Russian man for his role in the laundering of money obtained from hacks, ransomware schemes, and other illegal activities.
Alexander Vinnik, 37, was arrested in Greece on July 25 and faces charges in the United States. According to the indictment, he is the owner and operator of multiple BTC-e accounts, including administrative accounts. Furthermore, he is the primary beneficial owner of BTC-e’s managing shell company, Canton Business Corporation.
BTC-e, one of the world’s largest and most widely used digital currency exchanges, received deposits valued at over $4 billion, and numerous withdrawals from BTC-e administrator accounts went directly to Vinnik’s personal bank accounts, the indictment alleges. Moreover, proceeds from hacks and thefts from Bitcoin exchanges were funded through a BTC-e account associated with Vinnik.
According to a DoJ announcement, the Russian was indicted for “operating an unlicensed money service business, money laundering, and related crimes” and for receiving funds from the infamous hack of Mt. Gox. The largest digital currency exchange in 2013-2014, Mt. Gox started bankruptcy proceedings in April 2014, after discovering the theft of 850,000 Bitcoins and finding only 200,000 coins in an old wallet. Hackers supposedly siphoned the funds over a long period of time, starting in 2011.
“The indictment alleges that Vinnik obtained funds from the hack of Mt. Gox and laundered those funds through various online exchanges, including his own BTC-e and a now defunct digital currency exchange, Tradehill, based in San Francisco, California. The indictment alleges that by moving funds through BTC-e, Vinnik sought to conceal and disguise his connection with the proceeds from the hacking of Mt. Gox and the resulting investigation,” DoJ reveals.
The indictment also notes that BTC-e, founded in 2011, was preferred by cybercriminals because it didn’t require users to validate their identity, obscured and anonymized transactions and the source of funds, and had no anti-money laundering process. In fact, BTC-e was allegedly operated so as to facilitate transactions for cybercriminals.
The indictment also alleges the exchange “received the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and narcotics distribution rings.” Over the course of operation, BTC-e supposedly received $4 billion worth of Bitcoin for facilitating crimes such as computer hacking, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.
At Black Hat this week, researchers from Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering presented the findings of an investigation into ransomware payments, in which they were able to track payments through the Bitcoin blockchain from distribution sites to the cash-out points. According to their report (PDF), “95% [of] traced ransoms [were] cashed out via BTC-E.”
The Treasury Department also fined BTC-e $110 million for violating U.S. anti-money laundering laws, and fined Vinnik $12 million for his role in the scheme.
The indictment charges BTC-e and Vinnik with one count of operation of an unlicensed money service business (carrying a maximum penalty of 5 years in prison) and one count of conspiracy to commit money laundering (a maximum penalty of 20 years in prison). It also charges Vinnik with seventeen counts of money laundering (a maximum penalty of 20 years in prison for each count) and two counts of engaging in unlawful monetary transactions (a maximum penalty of 10 years in prison for each count).
“BTC-e was noted for its role in numerous ransomware and other cyber-criminal activity; its take-down is a significant accomplishment, and should serve as a reminder of our global reach in combating transnational cybercrime,” United States Secret Service (USSS) Special Agent in Charge of the Criminal Investigative Division Michael D’Ambrosio said.