A cryptocurrency expert languishing in a Greek jail may have a vantage point on a tantalising issue – how Russians in US Special Counsel Robert Mueller’s crosshairs used Bitcoin to obscure their money trail.
The expert, Russian citizen Alexander Vinnik, was detained last year after US prosecutors in San Francisco accused him of supervising a digital-currency exchange that helped criminals launder billions of dollars. That exchange, according to cryptocurrency analysis company Elliptic, handled some Bitcoins traced to Fancy Bear, a hacking unit. Fancy Bear is one of the names for the Russian military intelligence officers who Mr Mueller separately accuses of stealing and releasing Democrats’ emails to sway votes in the 2016 elections.
Three countries are fighting to extradite Mr Vinnik: Russia, France and the US. The link outlined by Elliptic could explain why – and why Russia has threatened retaliation against Greece if it hands him over to one of the others.
The next turn in the Greek matter comes Tuesday. The country’s Supreme Court is set to rule on extradition requests from France and Russia, which both allege that Mr Vinnik committed cybercrimes against their citizens.
Mr Vinnik is one of multiple Russian hackers indicted by the US, some of whom could provide insights into Russian cybercrime beyond their individual cases.
Yevgeniy Nikulin, who was extradited from the Czech Republic and is charged in San Francisco with hacking LinkedIn and Dropbox in 2012, is of interest in the US inquiry into election meddling, a Justice Department official said last week. Peter Levashov, a Russian programmer who has claimed he worked for Vladimir Putin’s ruling party, is charged in Connecticut with cybercrimes linked to spamming.
Mr Vinnik denies the US money-laundering accusations, according to his lawyer, Ilias Spyrliadis. He had no control over the $9 billion (Dh33.06bn) in Bitcoin that US prosecutors in San Francisco say ran through BTC-e, the cryptocurrency exchange, the lawyer said.
Mr Vinnik won’t comment on the Russian fraud accusations, Mr Spyrliadis said, and he denies the French charges including money laundering. Still, as an alternative to extradition, Mr Vinnik has offered to work with Greek and possibly other authorities from his current location, the lawyer said.
In the San Francisco case, the US says that Mr Vinnik and BTC-e catered to cybercriminals and allowed them to launder criminal proceeds from Bitcoin and other digital currencies and turn them into cash. The exchange didn’t vet customers, letting them move money in and out anonymously. To set up an account, according to the indictment, all a person needed was a username, password and email address, which often bore no relationship to the identity of the user.
That sort of service matches a description by Mr Mueller of how the Russian military intelligence officers layered transactions through cryptocurrency exchanges to maintain anonymity when they bought time on servers they used to launch attacks.
Elliptic used details provided in the indictment, such as a transfer of exactly 0.026043 Bitcoin on February 1, 2016, to search the electronic register of all Bitcoin transactions – known as the blockchain – to find specific payments. It then used software it has developed to identify the origin of the funds for those transactions.
“There was a strong link between much of the funds allegedly used by the Fancy Bear group and BTC-e,” said Tom Robinson, Elliptic’s chief data officer. “What I can’t say for certain is whether Fancy Bear obtained them directly from BTC-e, or whether there was an intermediary.”
Mr Vinnik couldn’t have known who, really, was using the platform, Mr Spyrliadis said. While Mr Vinnik was an expert working for BTC-e he was “in no way running it”, the lawyer said.
“Mr Vinnik could sometimes see a passport and ID when performing the transactions, but was in no place to know whether this person was using a fake ID, whether he or she was wanted by Interpol or involved in anything,” he said.
The US has been trying to get its hands on Mr Vinnik for more than a year. Greece’s Supreme Court ruled in December that he could be extradited to the US to face the charges in San Francisco. But the process has been stalled by the requests from Russian and France. Greece’s Supreme Court may well approve both the French and Russian requests, Mr Spyrliadis said.
That would punt the decision to Greece’s new justice minister. Before coming to any resolution on extradition, the Greek Justice Ministry will also need to examine a political asylum request by Mr Vinnik. A justice ministry spokeswoman said the minister couldn’t comment on the case as he has just assumed his post.
A co-operating Mr Vinnik would open the door to the US gaining strategic information on Russian hackers, said Arkady Bukh, the lead lawyer defending Mr Nikulin. Getting access to emails, names and bank accounts related to Russian hacking is what Mr Vinnik’s case in the US is really about, said Mr Bukh, who isn’t representing Mr Vinnik.
Cryptocurrency exchanges are “extremely important and of great interest to the US”, said Mr Bukh. He had been in touch with Mr Vinnik’s friends about getting him legal representation outside of Greece, he said.
But first, the US would have to get its hands on Mr Vinnik, something Russia appears dead set against.
A Greek regional court approved the French extradition request in July. Russia immediately lashed out at the country: “It is obvious the Russia cannot leave these actions unanswered,” its foreign ministry warned.
Later that same day, July 13, Mr Mueller rolled out his indictment against the Russian military intelligence officers.