Defendants Allegedly Attacked Crypto Exchanges to Defraud Customers of at Least $16.8 Million
The US Department of Justice (DOJ) indicted two Russian nationals with crimes related to cyberattacks on three cryptocurrency exchanges. The defendants are charged with conspiracy to defraud three cryptocurrency exchanges and their customers in addition to other crimes. Losses top $16.8 million USD.
The two Russian nationals, Danil Potekhin a/k/a cronuswar and Dmitrii Karasavidi a/k/a Dmitriy Karasvidi are charged with:
- Conspiracy to commit computer fraud and abuse, in violation of 18 U.S.C. § 1030(b)
- Computer fraud, in violation of 18 U.S.C. § 1030(a)(4)
- Conspiracy to commit wire fraud, in violation of 18 U.S.C. § 1349;
- Money laundering conspiracy, in violation of 18 U.S.C. § 1956(h)
- Two counts of aggravated identity theft, in violation of 18 U.S.C. § 1028A(a)(1)
Two of the defrauded cryptocurrency exchanges are based in the United States. The cybercrimes occurred between July 2017 and March 2018.
The accused used a combination of phishing emails and spoofed web domains to trick cryptocurrency customers. The defendants allegedly used the spoofed domain names to steal customers’ crypto exchange login credentials, including email addresses, password information, and other personal information.
The two Russian defendants also allegedly executed cryptocurrency trades valued at over $5 million USD to create increased demand and price.
U.S. Attorney Anderson said, “My warning to the public is that digital currency exchanges are not like banks. The security of digital currency exchanges is only as good as your own vigilance. While law enforcement will do everything within our power to protect you, you must also protect yourself.”
Spoofed Cryptocurrency Domains
Potekhin set up numerous spoof domain names that were crafted to closely resemble legitimate cryptocurrency exchanges. Domain name and website spoofing is a malicious tactic intended to trick internet users into thinking they are on a certain website when in fact they are on an imposter’s fraudulent website. Spoofed domains are strongly associated with cybercrimes like credit card and login credential theft. They may also be used to infect a computer with malware or support other internet schemes.
Potekhin created and controlled at least thirteen fake domains. They use these spoofed domain names to trick over 150 victim cryptocurrency customers into in putting their identification and login credentials into the websites.
Multiple fictitious cryptocurrency accounts on the exchanges using stolen identities. The two Russian Nationals used stolen personally identifiable information from three victims in the United Kingdom and used the data to create exchange accounts to launder money.
“Ultimately, the stolen virtual currency was traced to Karasavidi’s account, and millions of dollars in virtual currency and U.S. dollars was seized in a forfeiture action by the United States Secret Service,” says the DOJ.
US Treasury Tracks Down Stolen Money
“The attackers then employed a variety of methods to exfiltrate their ill-gotten virtual currency: using exchange accounts created using fictitious or stolen identities; circumventing exchanges’ internal controls; swapping into different types of virtual currency; moving virtual currency through multiple intermediary addresses; and a market manipulation scheme in which inexpensive virtual currency was purchased at a fast rate to increase demand and price, then quickly sold for a higher price to glean quick profit, says the US Department of the Treasury.
US Treasury Sanctions Russians
In addition, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned both Potekhin and Karasavidi. and filed documents seeking the civil and criminal forfeiture of assets traceable to the alleged crimes.” the U.S. Department of the Treasury explained. “Karasavidi laundered the proceeds of the attacks into an account in his name. He attempted to conceal the nature and source of the funds by transferring them in a layered and sophisticated manner through multiple accounts and multiple virtual currency blockchains.
The indictment was filed on 18 February and made public today