A U.S. court has indicted two Russian citizens on charges of a conspiracy to defraud three digital currency exchanges and their users of $16.8 million in cryptocurrency.
The defendants, Danil Potekhin (alias cronuswar) and Dmitrii Karasavidi (alias Dmitriy Krasvidi), are said to have deployed a combination of phishing and spoofing attacks against unsuspecting crypto users affiliated with the crypto exchanges.
Essentially, cybercriminals employ spoofing and phishing to exploit users' trust, fraudulently harvest their personal credentials, and gain access to accounts holding virtual coins.
According to a press release published by the U.S. Department of Justice (DOJ), Potekhin opened and managed about 13 fake domains for a cryptocurrency exchange based in the U.S. In the 2017 incident, the suspect deployed the fake sites to lure more than 150 people from the exchange’s customer base into entering their user credentials and passwords.
The two Russian nationals from Moscow are said to have opened several fake accounts with the target cryptocurrency exchange, and used stolen credentials belonging to three UK-based users to create three of the alleged accounts.
Potekhin and Karasavidi then used the stolen personal information from the exchange’s legitimate users to break into victim accounts and steal cryptocurrency. By establishing links between the fake accounts and the legitimate customers’ accounts, the criminals succeeded in making large withdrawals of crypto without the required authorization.
Forfeiture Complaint Targets the Stolen Millions
U.S. law enforcement also described a sophisticated scheme in which the Russian nationals manipulated the markets using stolen user credentials drawn from the U.S.-based crypto exchange. Authorities noted that three victims were affected by a market manipulation attack launched in 2017.
In addition, it is alleged that the suspects engaged in similar fraud between October 2017 and March 2018. The schemes culminated in thefts from customers of another digital currency exchange based outside the U.S.
The estimated value of stolen cryptocurrency surpassed the $11 million mark.
U.S. authorities discovered that the funds were subjected to a money laundering process that sought to hide the nature and origin of the crypto. Essentially, the digital money was sent through a series of transactions targeting several addresses, with a large portion of the stolen crypto being transferred to Karasavidi’s account.
The U.S. justice system has sought forfeiture of the millions of dollars in digital coins connected to the suspects’ criminal activities.
The forfeiture complaint states that the pair engaged in a “large scale and sophisticated phishing campaign” targeting digital currency exchanges, including the San Francisco-based Poloniex, Hong Kong’s Binance, and New York’s Gemini Trust Company LLC.
It is reported that the U.S. Secret Service has seized more than $6 million in U.S. dollars, and several millions of dollars in cryptocurrency subject to changing market prices.
Finally, the criminal charges levelled against the Russian citizens have been followed by a decision by the U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) to sanction the two.