G20 Eyes October Deadline for Crypto Anti-Money Laundering Standard

By Wolfie Zhao

G20 member countries are now looking at an October deadline for reviewing a global anti-money laundering (AML) standard on cryptocurrency, a document shows.

According to a statement issued on Sunday, finance ministers and central bank governors of the G20 member countries hosted a meeting during the weekend and reiterated their position on a plan for “vigilant” monitoring of cryptocurrencies.

The member countries further called on the Financial Action Task Force (FATF) – an intergovernmental body formed to fight money laundering and terrorist financing – to clarify how its existing AML standards can apply to cryptocurrency within three months.

“While crypto-assets do not at this point pose a global financial stability risk, we remain vigilant. … We reiterate our March commitments related to the implementation of the FATF standards and we ask the FATF to clarify in October 2018 how its standards apply to crypto-assets,” member countries said in the document.

As previously reported by CoinDesk, the G20 initially asked for an AML standard on cryptocurrency from the FATF in March, as part of its wider push for global regulatory recommendations on the issue.

Last month, it was reported that the FATF is planning to develop binding rules of AML for the world’s cryptocurrency exchanges, following a February report that the agency would step up its scrutiny effort over crypto money laundering.

Early last week, the Financial Stability Board, an organization focused on analyzing and making recommendations to the G20 on global financial systems, presented several key metrics for monitoring crypto assets ahead of the weekend meeting, in a response to the G20’s request in March of this year.

‘Clash of Clans,’ Other Mobile Games Being Used for Money Laundering (Report)

By Liz Lanier

A fun time-killer for some, popular mobile games like “Clash of Clans” are being used to launder stolen credit card money by tech-savvy thieves, according to a report from German cybersecurity company Kromtech.

In the report, initially noted on Gamasutra, it was found that over 20,000 stolen credit cards were used in games like “Clash of Clans,” “Clash Royale,” and “Marvel Contest of Champions.” The thieves can make purchases and then resell the accounts with the purchases to a third-party, wiping their hands of any connection to the stolen credit card information.

It’s a relatively easy process, as Apple IDs, which are required to make purchases on the App Store, only need a password, date of birth, some security questions, and then an email address, and a dummy email address is easy enough to make that it’s not really a hindrance, especially for the thieves, who were reportedly automating the account-making process, which in turn automated the money laundering process.

Kromtech traced the stolen data being used in “Clash of Clans” back to hacked MongoDB databases, one of which stored information of more than a hundred thousand credit cards.

“The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania,” the report states. “We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves.”

In the report, Kromtech is advising developers to secure the process by which users can make new accounts, to guard against those who might make an automated tool to generate mass accounts.

Automated money-laundering scheme found in free-to-play games

An unsecured MongoDB database has exposed what security researchers say is an automated money-laundering operation. The scam involves credit card thieves automatically creating fake Apple accounts and gaming profiles to profit from transactions on gaming sites.

On Monday, Kromtech’s Security Center explained that crooks are reaping profits from games that are free to play by reselling resources – for example, gems, gold, other virtual objects that give players extra abilities (known as power-ups), or games themselves.

It’s a rich vein to mine: according to one report, the gaming industry saw revenues of $108.4bn in 2017, with most of it – $82bn – coming from free-to-play titles.

Kromtech communications director Alexander Kernishniuk said in a post that money laundering in app stores is far from a new idea: in 2011, for example, Apple’s App Store was flooded with expensive, oddball apps that nobody was actually buying, the bulk of them from China.

Money laundering is one thing, but Kromtech wound up finding something Kernishniuk called “much more sophisticated.”

While conducting security audits of unsecured MongoDB databases, security researchers saw a newly created, “strange” database – open to the public, with no passwords or credentials required – that held a large number of credit card numbers and personal information. Given that the groups of records were in round numbers – 10K, 20K, 30K – the records were likely bought on the market for carders: i.e., those who buy stolen credit card numbers in large lots.

Kromtech researcher Bob Diachenko told Bleeping Computer that the group had it down to a science: they were using a special tool to create iOS accounts using valid email accounts, then they were adding a stolen payment card’s details to one of the new iOS accounts.

Then, they used another automated tool on jailbroken iOS devices to spread the workload, which consisted of installing games, creating in-game accounts, and buying game features or premiums that they later re-sold online for real money.

The database was only a few months old. The credit card thieves were using the records to target just three games: Clash of Clans and Clash Royale, both from game maker Supercell, and Marvel Contest of Champions, from Kabam. The three games – all together, the trio has 250 million users – have a very active third-party market for selling resources.

Kromtech said that the automated tool its researchers found, and its users, currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania. The database contained 150,833 unique card entries, each with full card number, expiration date, and CCVs. The cards belonged to 19 different banks.

Kromtech says that it’s easy to automatically create new accounts on a large scale because Apple only requires a valid email address, a password, a date of birth, and three security questions to create an Apple ID. Email accounts from various providers are also very easy to create en masse, with little verification required. Put the two together, and accounts could be churned out lickety-split, in great numbers.

But wait, there’s still more automation yet in this scheme: not only did the crooks automatically create accounts, they also automatically filled in credit card details until they hit on a valid one, then they automatically purchased games and resources, automatically posted games and resources for sale, used a digital wallet for order processing, and used multiple Apple devices to distribute the load.


The end result: an automated money laundering tool for credit card thieves.

There are a few hurdles that should slow down this type of automated thievery. For one, email services could require phone verification, which some are, in fact, doing. VoIP burner numbers are still easy to get, but at least phone verification would make it tougher to get email accounts in bulk.

For another thing, Apple does try to validate the credit cards by charging, and then refunding, $1. But Kromtech isn’t impressed by the company’s verification processes, given that researchers spotted many transactions that went through using cards that had an incorrect name and address.

Perhaps verification is minimal due to the low dollar amount of the charge, but a stricter credit card verification would make it a bit more difficult for the carders.
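A sketch of how a payment or game back end could spot the pattern described above (several cards tried on a freshly created account until one is approved, and approvals despite a name and address mismatch). This is an added example, not Kromtech's, Apple's or Supercell's code; the event fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data). Field layout is an assumption:
# account, account created, attempt time, card token, approved?, AVS match?
# The card value is an opaque token, never a card number.
EVENTS = [
    ("acct-a", "2018-07-01T10:00", "2018-07-01T10:02", "tok1", False, False),
    ("acct-a", "2018-07-01T10:00", "2018-07-01T10:03", "tok2", False, False),
    ("acct-a", "2018-07-01T10:00", "2018-07-01T10:04", "tok3", False, True),
    ("acct-a", "2018-07-01T10:00", "2018-07-01T10:05", "tok4", True, False),
    ("acct-b", "2017-01-15T09:00", "2018-07-01T11:00", "tok9", True, True),
    ("acct-c", "2018-06-30T23:00", "2018-07-01T12:00", "tok7", False, True),
    ("acct-c", "2018-06-30T23:00", "2018-07-01T12:01", "tok7", True, True),
]


def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M")


def flag_card_testing(events, min_cards=3, min_declines=2,
                      new_account=timedelta(hours=24)):
    """Return {account: [reasons]} for accounts showing card-testing signals."""
    by_account = defaultdict(list)
    for acct, created, ts, card, approved, avs_ok in events:
        by_account[acct].append((parse(ts), parse(created), card, approved, avs_ok))

    flagged = {}
    for acct, rows in by_account.items():
        rows.sort(key=lambda r: r[0])  # chronological order
        reasons = []

        # Signal 1: many distinct cards attached to one account.
        if len({r[2] for r in rows}) >= min_cards:
            reasons.append("multiple_cards")

        # Signal 2: a run of declines before the first approval
        # (also counted when no attempt is ever approved).
        declines = 0
        for _, _, _, approved, _ in rows:
            if approved:
                break
            declines += 1
        if declines >= min_declines:
            reasons.append("declines_before_approval")

        # Signal 3: a charge approved although name/address did not match.
        if any(approved and not avs_ok for _, _, _, approved, avs_ok in rows):
            reasons.append("avs_mismatch_on_approval")

        # Account age alone is not suspicious; it only aggravates other signals.
        if reasons and rows[0][0] - rows[0][1] < new_account:
            reasons.append("new_account")

        if reasons:
            flagged[acct] = reasons
    return flagged


if __name__ == "__main__":
    for account, why in flag_card_testing(EVENTS).items():
        print(account, why)
```

The thresholds are starting points to tune against real decline rates; a legitimate user who mistypes a card once, like acct-c in the sample, is not flagged.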

Kromtech has notified the US Department of Justice about the operation. Ditto for Supercell and Apple. I’ve reached out to Apple for a comment and will update the story if I hear back.

While the focus here is on Apple, Google Play isn’t immune to this type of abuse either. Kromtech’s researchers said they saw instructions on how to rebind Google accounts, with payments, to user IDs in Supercell. Rebinding means that a player can log in on other devices, as long as they remember their binding details.

Don’t play into the scammers’ hands

Kromtech advised players not to fall for offers of cheaper gems/diamonds. They’re scams. Such third-party services request private login data such as Apple ID or your Google Play credentials to access your account, but they often hijack the account and sell it to other players. Also, once they have access to your credentials, scammers can jeopardize not only your gaming security but your financial security, as well.

If that’s not harsh enough, buying gems or diamonds from third-party vendors can lead to having your in-app currency revoked, or even get your account permanently banned.

Finally, here’s a rare thumbs-up for unsecured databases: Like we’ve said in the past, they’re still the low-hanging fruit of the internet.

MongoDB, a NoSQL database, turns up all too frequently in security-breach headlines, which is why we always urge people to make sure they read the security manual of whatever NoSQL database service they’re using, and that they implement all the available security controls.

However, fortunately for all of us law-abiding citizens, carders and other crooks are also mere humans, prone to the same poor database security that others grapple with. This money-laundering scheme came to light because of it – a rare instance of a silver lining on a security failure!

Peer-to-Peer Crypto-Exchanges: A Haven for Money Laundering

By Tara Seals

Buyers and sellers can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.

The need to launder money is omnipresent in the criminal world, and lately, a new way of doing it has come to the fore: peer-to-peer cryptocurrency exchanges.

These exchanges offer one-to-one relationships and transactions; buyers and sellers of virtual currency sign up with their location information, IP address and other data to verify their identity, link to their wallets, and from there can swap and cash out currencies with other people who decide to trust them. Parties sometimes take the relationship offline too, meeting face-to-face to close out deals. After striking a bargain, a buyer can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.

These platforms offer an alternative to the marketplace methods represented by big Bitcoin exchanges such as Coinbase, and many users feel they can get better deals and a better service experience by using them. There’s another difference though: Peer-to-peer exchanges are decentralized and often lack the accountability, security and transparency measures used by the larger players.

Coinbase for instance monitors for dark web activity and recently implemented the Know Your Customer identity verification service (not that it’s not in hot water in other ways), which in theory makes it harder for criminals to launder money or use the funds to buy items from the underground. So, peer-to-peer alternatives have started to be a go-to choice for criminals looking to take advantage of the anonymity of cryptocurrency.

“Although certain peer-to-peer cryptocurrency exchanges might willingly cooperate with law enforcement, there are readily available methods that threat actors utilize while laundering their illicitly gained funds to maintain anonymity,” said Flashpoint, which flagged the increasing criminal activity on the exchanges in a post Monday. Intelligence analyst Kathleen Weinberger told Threatpost that these include tried-and-true methods like using forged documents to sign up for the services.

“A lot of what’s going on here is just a criminal rather than a technical story,” she said in an interview. “It’s easy to look for a technical solution to prevent this – there certainly is one (or rather a thousand of them). But there’s pressure on services to try and make their service usable – they don’t want their average user having to struggle for days to have their identity verified. At the same time, they have to make sure that this isn’t getting in the way of things being safe and accountable.”

Being a relatively new arena, that’s a work in progress. So for now, “it’s law enforcement having to crack down on those buying and selling identities and fake documents to combat this,” she said.

Law enforcement has seen some successes despite the hurdles that the exchanges present; for instance, OxyMonster, a notorious dark web purveyor of drugs and other illicit goods, was nabbed in May after detectives made a connection between a Facebook page and his dark web site on the Dream marketplace. Even though he was using a peer-to-peer Bitcoin “tip jar” for transactions, they managed to track him down by other means, arresting him as he entered the country from France, on his way to a beard contest in Miami.

Because of this Wild West element, Flashpoint analysts have observed a growing number of underground discussions around using these exchanges for criminal means, including recommendations around certain peer-to-peer services that threat actors consider valuable or the safest. Some discussions include listings of established—also known as “aged”—local exchange accounts for sale, which are less likely to be flagged for fraud because they have the appearance of long-term use.

“Discussions among threat actors in these forums primarily are concerned with recruiting others to cash-out schemes,” explained Flashpoint. “They also spell out the prerequisites for others to join and the terms necessary to convert stolen funds to Bitcoin or Monero, even in large amounts.”

Some discussions around peer-to-peer exchanges date back at least four years, but the interest is growing and likely to continue as larger exchanges stiffen their security controls.

“We’ve seen threat actors on a daily or weekly basis looking for ways to clean Bitcoin or Monero – it’s not a huge secret,” Flashpoint intelligence analyst Carles Lopez-Penalver said in an interview. “It’s somewhat easy to commit tax fraud and money laundering in general, or to purchase drugs with these methods, so the government needs to crack down. I appreciate blockchain technology – but I think that there has to be a better understanding of what’s happening out there, and that people are doing very bad things with cryptocurrency.”

“Bitcoin Maven” Theresa Lynn Tetley Sentenced To 12 Months Jail For Money Laundering

By Yuri Besmanoff

Theresa Lynn Tetley, the so-called “Bitcoin Maven,” who admitted to running a Bitcoin-for-cash exchange business without a license, as well as laundering Bitcoin purchased from the proceeds of drug trafficking, was last week sentenced to 12 months and one day in federal prison and also fined $20,000.

The Downfall Of The Bitcoin Maven

She reveled in being known as the “Bitcoin Maven,” a moniker she gave herself because of her deep knowledge of cryptocurrency. That knowledge enabled her to make a substantial amount of money in a short space of time.

However, this week, Theresa Lynn Tetley, aged 50, of Southern California, who in a former, less complicated life had been a stockbroker and real estate investor, pleaded guilty to one count of money laundering and one count of operating a money transmitting business without a license, and was sentenced to 12 months in prison by US District Judge Manuel L. Real.

The official charge was conducting an illegal business and engaging in unlawful monetary transactions involving Bitcoins. Tetley was also ordered to forfeit some 40 Bitcoin, worth around $250,000, to forfeit $292,264.00 in cash, as well as 25 assorted gold bars (worth around $12,500) that were deemed to be the proceeds of her illegal activities.

Between $6-$9.5 Million In Illegal Transactions

The court heard how Tetley ran a Bitcoin-for-cash exchange platform without first registering with the Financial Crimes Enforcement Network (FinCEN). She had also failed to implement anti-money-laundering mechanisms such as customer due diligence, and had failed to report certain transactions required for these types of businesses.

Tetley advertised on the website LocalBitcoins.com, and took part in illegal transactions that totaled between $6-$9.5 million. Her customers were almost all from the United States. Ironically, clients that used her exchange received no special favors, as Tetley actually charged higher rates for Bitcoin transactions than legal exchange platforms do.

Laundered Drug Money Earned On The Dark Web

The most serious offence – at least in the eyes of the public – was that Tetley knowingly laundered funds from an individual suspected of receiving Bitcoin as payment for selling drugs on the “Dark Web.” During the investigation, an undercover agent representing himself as a drug trafficker successfully swapped Bitcoin for cash using Tetley’s exchange platform.

According to sentencing documents, the prosecution had successfully argued that:

“In light of the growth of the dark web and the use of digital currency, unlicensed exchangers provide an avenue of laundering for those who use digital currency for illicit purposes. Tetley’s business fueled a black-market financial system that purposely and deliberately existed outside of the regulated bank industry.”

The case against Tetley was the first of its kind in the annals of the Central District of California.

‘Bitcoin Maven’ Jailed for Multi-Million Dollar Bitcoin-for-Cash Money Laundering Operation

By AJ Dellinger

Bitcoin has lost most of its (likely inflated) value in the last few months, but it still has plenty of value for law enforcement agencies looking for financial crimes to punish. The latest cryptocurrency criminal to get the book thrown at them is “Bitcoin Maven,” a 50-year-old woman who ran a bitcoin-for-cash exchange operation.

The Department of Justice announced Theresa Lynn Tetley, a former stockbroker and real estate investor, was sentenced to 12 months and one day in federal prison this week for operating an unlicensed money transmitting business and money laundering. She was also ordered to forfeit 40 Bitcoin (valued at about $250,000), $292,264 in cash, and 25 gold bars acquired through her illegal business.

Tetley’s scheme, highlighted by Ars Technica, involved offering people Bitcoin in exchange for cash, which on its face probably doesn’t sound like much of a crime. But Tetley did everything off the books. She failed to register her operation as a money services business and didn’t offer any sort of “anti-money-laundering mechanisms,” per the Justice Department.

Most of Tetley’s transactions were completed in person, with cash being provided for the virtual currency. She advertised her service through localbitcoins.com, a site that facilitates such exchanges, where she posted under the name “Bitcoin Maven.” She lived up to it, too: according to the DOJ, she exchanged between $6 and $9.5 million over the course of several years.

Her undoing came when she unwittingly started doing business with an undercover agent from the Drug Enforcement Administration. The agency started closing in on her in 2016, and dragged her along for nearly a year as they built a case against her.

The plan to bring Tetley down included introducing a second agent, posing as the first agent’s boyfriend, to conduct a number of large transactions with the Bitcoin Maven. According to Ars Technica, at one point the fake boyfriend informed Tetley that he possessed a large supply of “coke, meth, and weed” that had been “stolen” and was selling that stash for the bitcoin he was trading with her. Tetley moved forward with the transactions anyway, at one point showing up with $300,000 in two Trader Joe’s grocery bags to make a trade with the undercover agent.

“Providing cash in envelopes (and in the significant amounts she did), in coffee shops and restaurants, is no way to conduct legitimate business, certainly when that volume exceeds the millions,” prosecutors wrote in a sentencing memorandum, per Ars Technica. “Someone such as defendant—a former stockbroker and real estate investor—was certainly aware of that.”

Not helping her case was the fact that Tetley was also doing business with William James Farber, a man believed to be at the head of one of the largest drug rings on the now-shuttered dark web marketplace Alphabay. Ars Technica noted Farber was arrested last year and charged with conspiracy to possess and distribute controlled substances.

For her run as the Bitcoin Maven, Tetley will spend 366 days behind bars in a federal prison. Her stash of bitcoin collected from the business, which now belongs to the government, is worth about $250,000 as of Wednesday evening—but it’ll likely be worth $400,000, then $75,000, then $250,000 again by the end of the week.

‘Bitcoin Maven’ sentenced to a year in prison for money laundering

By James Koren

Bitcoin and other cryptocurrencies have for years been a preferred payment method on the so-called dark web — anything-goes corners of the internet where you can find drugs and other illegal products and services.

But once a drug dealer accepts cryptocurrency, how do they turn that money into real currency? The case of Theresa Tetley is instructive.

The Marina del Rey woman exchanged millions of dollars in cash for bitcoin, including for a suspected online drug dealer. She was sentenced Monday to a year in federal prison after pleading guilty to money laundering.

Tetley, a former stockbroker turned bitcoin enthusiast who called herself “Bitcoin Maven,” will also pay a $20,000 fine and give up nearly $300,000 in cash, 25 gold bars and 40 bitcoin — worth about $270,000 as of Monday afternoon — that federal authorities seized last year.

From 2014 to last year, Tetley exchanged as much as $9.5 million in cash for bitcoin, meeting clients at restaurants, coffee shops and other public places to hand over envelopes of cash in exchange for the virtual currency, the Justice Department said in court filings.

She was arrested in March 2017 after a sting operation orchestrated by the U.S. Drug Enforcement Administration. She offered to exchange $300,000 in cash — carried in two Trader Joe’s paper grocery bags — for bitcoin held by an undercover DEA agent posing as a drug dealer, prosecutors said.

The Justice Department also alleged that Tetley made $6 million worth of bitcoin-for-cash exchanges with William James Farber, a Los Angeles man charged last summer with running an Altadena drug ring that sold cannabis on dark-web marketplaces Silk Road and AlphaBay.

Tetley was charged with money laundering and operating an unlicensed money-transmitting business and pleaded guilty to both charges in January.

It’s not illegal to exchange bitcoin or other digital currencies for cash, but Tetley did so without obeying federal rules that require banks and other financial firms to report suspicious activity and large cash transactions — measures that aim to curb money laundering by drug traffickers or other illegal businesses.

Bitcoin and other virtual currencies, which are not issued by governments and can be directly exchanged from person to person without going through banks or other regulated institutions, are a preferred payment method for dark-web transactions.

But those who accept virtual currency payments for illicit transactions may have a difficult time exchanging those holdings for real currency — unless they find someone like Tetley who would not report suspicious activity to federal regulators.

Brian Klein, one of Tetley’s attorneys, called the 12-month sentence a victory, noting that it is substantially shorter than the 30-month sentence sought by federal prosecutors. In a sentencing document submitted to the court, her attorneys argued that Tetley, though guilty, “did not set out to engage in a broad-ranging criminal enterprise.”

“We are pleased the judge made such a dramatic departure,” Klein said.

The U.S. attorney’s office argued in court filings that Tetley should have received a longer sentence because her conduct showed she knew or should have known some of her clients were engaging in illegal activity.

“Providing cash in envelopes (and in the significant amounts she did), in coffee shops and restaurants, is no way to conduct legitimate business, certainly when that volume exceeds the millions,” government attorneys said in court filings. “Her decision to continue to proceed in this manner highlights the seriousness of the offense.”

Crypto Thefts Triple, Driving Growth in Coin Money-Laundering

By Olga Kharif

Criminals are stealing more cryptocurrency from exchanges, and that’s driving growth in a cottage industry of services that allows for money laundering of coins, according to a new report.

In the first half of the year, more than $760 million in cryptocurrency was stolen from exchanges — nearly three times more than in all of 2017, CipherTrace said in its initial quarterly report on the subject. CipherTrace is a Menlo Park, California-based blockchain security firm that works with more than 40 companies and governments to trace crypto transactions.

The current market value of the top 100 cryptocurrencies is around $270 billion, according to CoinMarketCap.com. Services that clean dirty funds are widely available, CipherTrace said, and some have even advertised through Google AdWords.

“There are so many cryptocurrencies now, and they are worth so much money, and there are so many exchanges globally where you can cash out, that we’ve seen not just traditional cyber gangs but we’ve seen a new set of criminals enter this space,” Chief Executive Officer David Jevans said in a phone interview. “This overall market expansion has created a whole new generation of cyber criminals that didn’t exist 15 months ago.”

Crypto coins number more than 1,600, and tracking them all is increasingly difficult — which gives criminals an opening. Regulators have said that many exchanges and startups issuing new coins still don’t do enough to check customer identities and verify that users aren’t laundering stolen funds. Users buying and selling coins are typically represented by anonymous addresses.

Meanwhile, many exchanges — and new ones are opening all the time — have security vulnerabilities. And cryptocurrencies, once stolen, often can’t be returned or even traced to the thieves.

“It’s a lot easier than robbing banks,” Jevans said.

Regulators globally are likely to crack down on crypto money-laundering, Jevans said. While that’s probably good for investors, some coins could suffer.

“There are going to be small coins kicked off exchanges because it’s going to be difficult to track transactions,” he said.

The DOJ Ran a Bitcoin Laundering Sting and Caught Dozens of Drug Dealers

By Aaron Mak

The Department of Justice announced Tuesday that it had arrested more than 35 people and seized more than $23.6 million in assets in the “first nationwide undercover action to target vendors of illicit goods on the Darknet.” Over the course of a year, Homeland Security Investigations (HSI) agents posed as money launderers who were helping narcotics and weapons dealers convert cryptocurrency into U.S. dollars. A cache of around 2,000 Bitcoins, which are worth more than $20 million, make up the bulk of the seized assets. Agents also seized Bitcoin mining equipment, 333 bottles of liquid synthetic opioids, and a grenade launcher.

“At this crucial time of unprecedented drug related deaths, one of the greatest threats we face is cyber drug trafficking,” a Drug Enforcement Administration official said in a statement. “Because the Darknet invites criminals into our homes, and provides unlimited access to illegal commerce, law enforcement is taking steps to identify and arrest those involved.”

Bitcoin is often the currency of choice on the darknet, also known as the dark web, because it allows buyers and dealers of illicit goods to more easily retain their anonymity. Authorities claim that they identified dealers in popular marketplaces like Silk Road, AlphaBay, and Hansa. HSI Agent Angel Melendez told the Verge the agency is starting to focus more on individual sellers rather than marketplaces, because the illegal activity simply moves elsewhere when a hub is shut down.

In the past, authorities have also posed as weapons dealers, harvested IP addresses, and hacked suspects’ computers to track down alleged criminals on the dark web. Bitcoin exchanges themselves have also been pressured by law enforcement to keep better tabs on their customers to ensure that their platforms aren’t hosting money laundering and other crimes.

Major Crypto Exchanges Face Action Over Money-Laundering Fears

By Wolfie Zhao

Japan’s financial watchdog is reportedly planning to force improvements at a number of licensed cryptocurrency exchanges over perceived issues with internal systems, including anti-money laundering (AML) measures.

According to a report from Nikkei on Tuesday, the country’s Financial Services Agency (FSA) intends to ensure full compliance with current AML rules at larger exchanges as their holdings of customer funds rapidly increase. The report suggests at least five exchanges, including bitFlyer, Quoine, and Bitbank, are on the FSA’s list to receive “business improvement orders” this week.

The report said that, based on its recent inspections, the FSA found that some licensed exchanges still do not have sufficient measures in place for spotting suspicious transactions. Further, the agency is also concerned that the firms have not recruited enough staff to cope with the growing volume of transactions on their platforms.

Back in April, the FSA was already raising questions over what it considered a loosely enforced ID-verification process at bitFlyer, after which the firm pledged it would strengthen its procedures.

The agency also issued business improvement orders in March to a number of registered but lesser known cryptocurrency exchanges – including GMO Coin and Tech Bureau – as part of its review of crypto trading platforms following the $530 million Coincheck hack in January.

And, earlier this month, the FSA gave its first-ever license rejection to cryptocurrency exchange FSHO after having issued two suspension orders to the firm over its alleged failure to properly implement security and AML improvements.

The latest move by the FSA comes just days after a Japanese self-regulatory group of cryptocurrency exchanges proposed to strengthen their AML measures by prohibiting member platforms from listing anonymous cryptocurrencies such as monero and dash.

Formed in the aftermath of the Coincheck hack, the Japanese Virtual Currency Exchange Association consists of major exchanges such as bitFlyer, Bitbank and Quoine.