Bitcoin Hedge Fund and CEO Slapped With $2.5 Million Penalty for Ponzi Scheme

A New York federal court has ordered cryptocurrency hedge fund Gelfman Blueprint, Inc. (GBI) and its CEO Nicholas Gelfman to pay over $2.5 million for operating a fraudulent Ponzi scheme, according to an official announcement published Oct. 18.

GBI is a New York-based corporation and Bitcoin (BTC)-denominated hedge fund incorporated in 2014. As stated on the company’s website, by 2015 it had 85 customers and 2,367 BTC under management.

The order is the continuation of the initial anti-fraud enforcement action filed by the U.S. Commodity Futures Trading Commission (CFTC) against GBI in September 2017. The CFTC charged GBI for allegedly running a Ponzi scheme from 2014 to 2016, telling investors that it had developed a computer algorithm called “Jigsaw” which allowed for substantial returns through a commodity fund. In reality, the entire scheme was a fraud.

Per the announcement, GBI and Gelfman fraudulently solicited over $600,000 from at least 80 customers. Moreover, Gelfman set up a fake computer “hack” to conceal the scheme’s trading losses. It eventually resulted in the loss of almost all customer funds.

The current order requires GBI and Gelfman to pay over $2.5 million in civil monetary penalties and restitution. GBI and Gelfman are ordered to pay $554,734.48 and $492,064.53 in restitution to customers and $1,854,000 and $177,501 in civil monetary penalties, respectively.

James McDonald, the CFTC’s Director of Enforcement, said that “this case marks yet another victory for the Commission in the virtual currency enforcement arena. As this string of cases shows, the CFTC is determined to identify bad actors in these virtual currency markets and hold them accountable.”

Last month, the CFTC filed a suit with the U.S. District Court for the Northern District of Texas against two defendants for the allegedly fraudulent solicitation of BTC. Per the suit, defendants Morgan Hunt and Kim Hecroft were running two fraudulent businesses and misleading the public to invest in leveraged or margined foreign currency contracts, such as forex, binary options, and diamonds.

https://cointelegraph.com/news/bitcoin-hedge-fund-and-ceo-slapped-with-25-million-penalty-for-ponzi-scheme

Cryptocurrency Thieves On Track To Steal Over $1 Billion In 2018

By Nermeen Abbas

The total value of stolen cryptocurrency is expected to hit over $1 billion by the end of this year, which represents a 350% increase over the amount that was stolen in all of 2017, according to new research from CipherTrace.

The U.S. cybersecurity firm revealed that during the first three quarters of 2018, $927 million of cryptocurrency was reported as stolen from exchanges by hackers; $166 million was reported stolen since the second quarter, driven by an emerging trend toward more frequent and smaller cyber-attacks by sophisticated thieves.

According to CipherTrace 2018 Q3 Cryptocurrency Anti-Money, a quantitative analysis of all the transactions on the 20 top cryptocurrency exchanges globally, 97% of direct bitcoin payments from identifiable criminal sources were received by unregulated cryptocurrency exchanges.

Nearly 5% of all bitcoin sent to poorly regulated exchanges comes from criminal activity before the money is moved, undetected, into the global financial payments system.

The poorly regulated exchanges have laundered a significant amount of bitcoin, totalling 380,000 BTC, or $2.5 billion at today’s prices, which means that 36 times more criminal bitcoin was received by crypto exchanges in countries where AML is either lax or lacking.

The CipherTrace reports analyzed 45 million transactions at 20 top cryptocurrency exchanges globally between January 2009 and September 20, 2018. “There are likely 50% more criminal transactions than those that were traced for this report because criminals are typically very clever and deft at hiding their tracks,” the cybersecurity firm commented.

“This extensive research shows that regulation does have a direct correlation in hindering criminal activity, and we are on the right track to instill further trust in the crypto ecosystem. We will see the opportunities to launder Cryptocurrencies greatly reduced in the coming 18 months as Cryptocurrency AML regulations are rolled out globally,” commented Dave Jevans, CEO, CipherTrace and co-chair of the Cryptocurrency Working Group at the APWG.org.

The study shows that efforts to enact and enforce strong cryptocurrency Anti-Money Laundering (AML) regulations are drastically reducing criminal activity on digital currency exchanges.

It also marked a steadily growing number of cryptocurrency thefts, which included several heists in the $20-$60 million range; the data indicates a pattern of smaller robberies on a regular basis and sophisticated professional cyber thieves who carry out hacks at both the exchange and platform.

In the 2018 Q2 Cryptocurrency Anti-Money Laundering Report, CipherTrace revealed a three-fold increase in cryptocurrency thefts during the first half of 2018 compared with the entire year of 2017. Most notable were the $530 million worth of tokens stolen in Japan from Coincheck and $195 million worth of tokens stolen from BitGrail.

According to CipherTrace, criminals are expected to quickly launder the stolen tokens before stronger cryptocurrency anti-money laundering controls are deployed globally over the next 18 months.

Global standard for cryptocurrency anti-money laundering to be agreed

The global anti-money laundering task force has said it is closer to establishing a worldwide set of standards to apply to virtual currencies.

The president of the Financial Action Task Force, Marshall Billingslea, said he is optimistic that at its plenary, due in October, the FATF will agree a series of standards that will close the anti-money laundering “gaps” that all nations face.

“It is essential that we establish a global set of standards that are applied in a uniform manner,” he added.

The task force has accelerated its work and made significant progress on reaching a “consensus across nations” after the G20 requested the organisation tackle the issue as a matter of urgency.

In October, the FATF will discuss which of its existing standards need to be updated to address virtual assets, since its current recommendations do not acknowledge them. It will then revise the methodology it uses to assess how countries implement these standards and when this revised assessment methodology will take effect.

Mr Billingslea, who is also assistant secretary to the US secretary, said currently the adoption of anti-money laundering standards and regimes pertaining to digital assets and virtual currencies is “very much a patchwork quilt or spotty process,” which is “creating significant vulnerabilities for both national and international financial systems”.

China and South Korea have clamped down on the sector, while other countries — including France, Switzerland, Malta and Gibraltar — are drawing up regimes for formally policing the space in an attempt to attract fintech business.

UK MPs also highlighted on Wednesday the urgent need to regulate “Wild West” crypto-asset markets. The Commons Treasury select committee warned that a dearth of regulation around crypto-assets had left investors exposed to a “litany of risks” — without any of the protections usually afforded to consumers, such as access to compensation.

Cryptocurrencies are not regulated by central banks but are held digitally via electronic identities that in many cases allow their owners to remain anonymous. As a result, they have been linked to payments for prohibited goods such as guns and drugs and are a target for hackers.

Mr Billingslea said there were concerns of an emerging use of virtual currencies by terrorist organisations including Isis, as well as in extortion schemes, such as the WannaCry attacks.

His comments come after some observers argued that authorities such as Europol, Europe’s law enforcement agency, should devise a centralised system that flags cryptocurrency wallets linked to nefarious activities to major exchanges, so that they can block the owners from exchanging those funds for hard cash.

Despite the risks associated with digital assets, Mr Billingslea said they also presented “a great opportunity”. In terms of regulation, he said, “you can’t tilt too far in one direction or another” since blockchain, the technology that underpins virtual assets, “will continue to evolve”.

https://www.ft.com/content/1a67f6b2-bbf7-11e8-94b2-17176fbf93f5

Jailed Bitcoin expert subject of three-way fight over money-laundering inquiry

https://www.thenational.ae/business/technology/jailed-bitcoin-expert-subject-of-three-way-fight-over-money-laundering-inquiry-1.766673

A cryptocurrency expert languishing in a Greek jail may have a vantage point on a tantalising issue – how Russians in US Special Counsel Robert Mueller’s crosshairs used Bitcoin to obscure their money trail.

The expert, Russian citizen Alexander Vinnik, was detained last year after US prosecutors in San Francisco accused him of supervising a digital-currency exchange that helped criminals launder billions of dollars. That exchange, according to cryptocurrency analysis company Elliptic, handled some Bitcoins traced to Fancy Bear, a hacking unit. Fancy Bear is one of the names for the Russian military intelligence officers who Mr Mueller separately accuses of stealing and releasing Democrats’ emails to sway votes in the 2016 elections.

Three countries are fighting to extradite Mr Vinnik: Russia, France and the US. The link outlined by Elliptic could explain why – and why Russia has threatened retaliation against Greece if it hands him over to one of the others.

The next turn in the Greek matter comes Tuesday. The country’s Supreme Court is set to rule on extradition requests from France and Russia, which both allege that Mr Vinnik committed cybercrimes against their citizens.

Mr Vinnik is one of multiple Russian hackers indicted by the US, some of whom could provide insights into Russian cybercrime beyond their individual cases.

Yevgeniy Nikulin, who was extradited from the Czech Republic and is charged in San Francisco with hacking LinkedIn and Dropbox in 2012, is of interest in the US inquiry into election meddling, a Justice Department official said last week. Peter Levashov, a Russian programmer who has claimed he worked for Vladimir Putin’s ruling party, is charged in Connecticut with cybercrimes linked to spamming.

Mr Vinnik denies the US money-laundering accusations, according to his lawyer, Ilias Spyrliadis. He had no control over the $9 billion (Dh33.06bn) in Bitcoin that US prosecutors in San Francisco say ran through BTC-e, the cryptocurrency exchange, the lawyer said.

Mr Vinnik won’t comment on the Russian fraud accusations, Mr Spyrliadis said, and he denies the French charges including money laundering. Still, as an alternative to extradition, Mr Vinnik has offered to work with Greek and possibly other authorities from his current location, the lawyer said.

In the San Francisco case, the US says that Mr Vinnik and BTC-e catered to cybercriminals and allowed them to launder criminal proceeds from Bitcoin and other digital currencies and turn them into cash. The exchange didn’t vet customers, letting them move money in and out anonymously. To set up an account, according to the indictment, all a person needed was a username, password and email address, which often bore no relationship to the identity of the user.

That sort of service matches a description by Mr Mueller of how the Russian military intelligence officers layered transactions through cryptocurrency exchanges to maintain anonymity when they bought time on servers they used to launch attacks.

Elliptic used details provided in the indictment, such as a transfer of exactly 0.026043 Bitcoin on February 1, 2016, to search the electronic register of all Bitcoin transactions – known as the blockchain – to find specific payments. It then used software it has developed to identify the origin of the funds for those transactions.

“There was a strong link between much of the funds allegedly used by the Fancy Bear group and BTC-e,” said Tom Robinson, Elliptic’s chief data officer. “What I can’t say for certain is whether Fancy Bear obtained them directly from BTC-e, or whether there was an intermediary.”

Mr Vinnik couldn’t have known who, really, was using the platform, Mr Spyrliadis said. While Mr Vinnik was an expert working for BTC-e he was “in no way running it”, the lawyer said.

“Mr Vinnik could sometimes see a passport and ID when performing the transactions, but was in no place to know whether this person was using a fake ID, whether he or she was wanted by Interpol or involved in anything,” he said.

The US has been trying to get its hands on Mr Vinnik for more than a year. Greece’s Supreme Court ruled in December that he could be extradited to the US to face the charges in San Francisco. But the process has been stalled by the requests from Russia and France. Greece’s Supreme Court may well approve both the French and Russian requests, Mr Spyrliadis said.

That would punt the decision to Greece’s new justice minister. Before coming to any resolution on extradition, the Greek Justice Ministry will also need to examine a political asylum request by Mr Vinnik. A justice ministry spokeswoman said the minister couldn’t comment on the case as he has just assumed his post.

A co-operating Mr Vinnik would open the door to the US gaining strategic information on Russian hackers, said Arkady Bukh, the lead lawyer defending Mr Nikulin. Getting access to emails, names and bank accounts related to Russian hacking is what Mr Vinnik’s case in the US is really about, said Mr Bukh, who isn’t representing Mr Vinnik.

Cryptocurrency exchanges are “extremely important and of great interest to the US”, said Mr Bukh. He had been in touch with Mr Vinnik’s friends about getting him legal representation outside of Greece, he said.

But first, the US would have to get its hands on Mr Vinnik, something Russia appears dead set against.

A Greek regional court approved the French extradition request in July. Russia immediately lashed out at the country: “It is obvious that Russia cannot leave these actions unanswered,” its foreign ministry warned.

Later that same day, July 13, Mr Mueller rolled out his indictment against the Russian military intelligence officers.

Swiss watchdog to propose looser anti-money laundering rules for fintechs

By Brenna Hughes Neghaiwi

ZURICH (Reuters) – Swiss financial regulator FINMA is planning to loosen anti-money laundering rules for smaller financial technology firms, part of a drive to boost innovation and shore up the country’s position as a leading money management hub.

The revisions, prompted by a new ‘fintech’ licensing category carved out by the Swiss parliament in June, will clarify how non-banks applying for the new license must ensure due diligence.

“As a rule, all financial institutions are subject to similar due-diligence requirements relating to combating money laundering. However, as most fintech license applicants are likely to be smaller institutions, FINMA proposes to introduce some organizational relaxations for such institutions,” the financial supervisor said in a statement on Tuesday.

Its proposal defines small institutions as those with gross revenues under 1.5 million Swiss francs ($1.5 million).

Under its terms small institutions, unlike banks, will not for instance have to establish an independent anti-money laundering unit with monitoring duties, it said.

The move comes after Switzerland’s parliament voted in June to amend the Swiss Banking Act, creating a new fintech license category to ease rules imposed on financial endeavors that take in funds and provide certain bank-like functions, but do not make money by investing or receiving interest on the funds.

Switzerland, the world’s largest center for offshore wealth, has gained prominence in recent years as a hub for financial technology providers, such as banking software groups Temenos (TEMN.S) and Avaloq (AVLN.S), as well as cryptocurrency projects.

But advocates have warned that as banks face increasing margin pressure and tougher competition from technological rivals, more must be done to promote innovation if Switzerland is to remain a leading financial hub.

The new license, intended to promote financial innovation, will apply to groups which accept public deposits of up to 100 million francs but don’t invest the funds or pay interest.

It will likely have the biggest immediate impact on activities such as crowdfunding, which under current rules could often require a banking license.

Cryptocurrency projects — which often fall under anti-money laundering or securities regulations under FINMA’s current guidelines but generally don’t require a banking license — are unlikely to be affected by the changes.

The federal government plans the amendments to take effect from Jan. 1, and FINMA said its own adjustments to the Anti-Money Laundering Ordinance should enter into force simultaneously, if possible.

FINMA opened a review period for its proposal on Tuesday to run through October 26.

($1 = 0.9957 Swiss francs)

They froze computers, then demanded ransom. A former FIU student is going to prison

A former FIU graduate student received an 18-month federal prison sentence this week for helping computer extortionists launder more than $93,000.

From October 2012 to March 27, 2013, while at FIU, Raymond Uadiale’s version of unofficial work-study involved moving extorted money for those who wielded a type of ransomware called “Reveton.” Uadiale, now 41, went to work for Microsoft as a network engineer after the scheme ended.

That job ended in March, the same month Uadiale was indicted on money laundering charges.

As explained in Uadiale’s admission of facts, “When Reveton infected a victim’s computer, it would display a splash screen that included the logo of a law enforcement organization and a message falsely informing the victim that the law enforcement organization had found illegal material on the infected computer. The Reveton ransomware splash screen would direct the victim to pay a “fine” in order to regain access to the computer and its data.”

(Scam Smashing Tip No. 1: No law enforcement agency legally does business by demanding cash on the spot. And if you have illegal material on your computer worth law enforcement’s time, your punishment will come from a court and likely will be stiffer than a fine.)

To pay the “fine,” the person would be told to buy a GreenDot MoneyPak, which works something like a Starbucks card and is available at many stores. Then, they would put the MoneyPak account number into a form on the ransomware splash screen. This sent the account number to the person controlling the ransomware from the United Kingdom, called in Uadiale’s admission “Co-conspirator 1.”

Uadiale bought prepaid debit cards and sent those account numbers across the Atlantic to Co-conspirator 1. GreenDot’s online transfer system allowed Co-conspirator 1 to move the extortion money from the MoneyPaks to the debit cards. Or, Co-conspirator 1 would send the MoneyPak account numbers to Uadiale and he would do the transferring of funds.

With the money on the debit cards held by Uadiale, he then hit ATMs or other places around South Florida he could use for withdrawing money off the cards.

“Using an account with the digital currency platform Liberty Reserve, the defendant would transfer the approximately 70 percent of the funds loaded onto the debit cards back to Co-conspirator 1,” Uadiale’s admission of facts states. “The defendant and Co-conspirator 1 agreed that the defendant would send Co-conspirator back approximately 70 percent of the funds loaded onto the defendant’s debit cards, while the defendant would keep the remaining amount for the defendant’s payment and to cover transaction fees.”

At those black market transaction rates, Uadiale made just over $40,000 in those months.

Arizona Bitcoin Trader Handed 41-Month Jail Time for Money Laundering

https://cryptovest.com/news/arizona-bitcoin-trader-handed-41-month-jail-time-for-money-laundering/

By Maryam Manzoor

A Bitcoin (BTC) trader from the US state of Arizona has been sentenced to 41 months in federal prison after he was found guilty of money laundering, the Department of Justice said in a statement on Wednesday.

Thomas Mario Costanzo, 54, known online as Morpheus Titania, will get credit for the time he has already served since his arrest in April 2017.

At the end of March, Costanzo was found guilty of five counts of money laundering by a federal jury in Phoenix. Federal agents launched an investigation into the suspect in 2014, after Costanzo posted on an exchange website, claiming he was prepared to engage in cash transactions of up to $50,000.

When approached by undercover federal agents posing as drug dealers, Costanzo “provided them with Bitcoin and told them it was a great way to limit their exposure to law enforcement”.

“The jury found that over a two-year period, Costanzo took $164,700 in cash from the agents (whom he believed to be heroin and cocaine traffickers) and exchanged it for Bitcoin in order to conceal and disguise the nature, location, source, ownership, and control of the drug proceeds,” the statement reads.

Last year, federal agents conducted a raid on Costanzo’s home, on suspicion of unlawful possession of ammunition and money laundering via cryptocurrencies, which resulted in his arrest. The jury also found him guilty of using Bitcoin to buy drugs, and aiding other individuals in similar purchases by providing them with Bitcoins.

At the time of the March conviction, the Justice Department acknowledged that Bitcoin may be used for legitimate purposes, as anyone can get BTC from a commercial exchange, paying about 1.5% as a commission. For comparison, Costanzo charged some 7% to 10% in his peer-to-peer transactions.

In addition, the court ruled that the 80 BTC (now worth more than $600,000), provided by Costanzo to the undercover agent as part of the final $107,000 money laundering deal are to be forfeited.

Digital currencies’ potential for usage in illicit activities such as fraud and money laundering is among the most frequently cited concerns by cryptocurrency detractors. Bitcoin has been dismissed by countless critics as a vehicle for crime. A study conducted earlier this year revealed that cybercriminals specifically target cryptocurrencies, as the anonymity they provide makes them ideal for laundering criminal proceeds.

Recent reports of crypto crime include Japanese organized crime groups and California’s “Bitcoin Maven” who was recently sentenced to one year in jail for laundering Bitcoins worth millions of dollars.

 

‘Clash of Clans,’ Other Mobile Games Being Used for Money Laundering (Report)

By Liz Lanier

A fun time-killer for some, popular mobile games like “Clash of Clans” are being used to launder stolen credit card money by tech-savvy thieves, according to a report from German cybersecurity company Kromtech.

In the report, initially noted on Gamasutra, it was found that over 20,000 stolen credit cards were used in games like “Clash of Clans,” “Clash Royale,” and “Marvel Contest of Champions.” The thieves can make purchases and then resell the accounts with the purchases to a third-party, wiping their hands of any connection to the stolen credit card information.

It’s a relatively easy process, as Apple IDs, which are required to make purchases on the App Store, only need a password, date of birth, some security questions, and an email address, and a dummy email address is easy enough to make that it’s not really a hindrance. That is especially true for the thieves, who were reportedly automating the account-making process, which in turn automated the money laundering process.

Kromtech traced the stolen data being used in “Clash of Clans” back to hacked MongoDB databases, one of which stored information of more than a hundred thousand credit cards.

“The tool we found and its users currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania,” the report states. “We do not know if this was simply because the tool and Facebook page is new and this is just due to initial users, or if operating through these countries provides some kind of additional benefit to the thieves.”

In the report, Kromtech is advising developers to secure the process by which users can make new accounts, to guard against those who might make an automated tool to generate mass accounts.

Automated money-laundering scheme found in free-to-play games

An unsecured MongoDB database has exposed what security researchers say is an automated money-laundering operation. The scam involves credit card thieves automatically creating fake Apple accounts and gaming profiles to profit from transactions on gaming sites.

On Monday, Kromtech’s Security Center explained that crooks are reaping profits from games that are free to play by reselling resources – for example, gems, gold, other virtual objects that give players extra abilities (known as power-ups), or games themselves.

It’s a rich vein to mine: according to one report, the gaming industry saw revenues of $108.4bn in 2017, with most of it – $82bn – coming from free-to-play titles.

Kromtech communications director Alexander Kernishniuk said in a post that money laundering in app stores is far from a new idea: in 2011, for example, Apple’s App Store was flooded with expensive, oddball apps that nobody was actually buying, the bulk of them from China.

Money laundering is one thing, but Kromtech wound up finding something Kernishniuk called “much more sophisticated.”

While conducting security audits of unsecured MongoDB databases, security researchers saw a newly created, “strange” database – open to the public, with no passwords or credentials required – that held a large number of credit card numbers and personal information. Given that the groups of records were in round numbers – 10K, 20K, 30K – the records were likely bought on the market for carders: i.e., those who buy stolen credit card numbers in large lots.

Kromtech researcher Bob Diachenko told Bleeping Computer that the group had it down to a science: they were using a special tool to create iOS accounts using valid email accounts, then they were adding a stolen payment card’s details to one of the new iOS accounts.

Then, they used another automated tool on jailbroken iOS devices to spread the workload, which consisted of installing games, creating in-game accounts, and buying game features or premiums that they later re-sold online for real money.

The database was only a few months old. The credit card thieves were using the records to target just three games: Clash of Clans and Clash Royale, both from game maker Supercell, and Marvel Contest of Champions, from Kabam. The three games – all together, the trio has 250 million users – have a very active third-party market for selling resources.

Kromtech said that the automated tool its researchers found, and its users, currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania. The database contained 150,833 unique card entries, each with full card number, expiration date, and CCVs. The cards belonged to 19 different banks.

Kromtech says that it’s easy to automatically create new accounts on a large scale because Apple only requires a valid email address, a password, a date of birth, and three security questions to create an Apple ID. Email accounts from various providers are also very easy to create en masse, with little verification required. Put the two together, and accounts could be churned out lickety-split, in great numbers.

But wait, there’s still more automation yet in this scheme: not only did the crooks automatically create accounts, they also automatically filled in credit card details until they hit on a valid one, then they automatically purchased games and resources, automatically posted games and resources for sale, used a digital wallet for order processing, and used multiple Apple devices to distribute the load.

Kromtech: “The end result, an automated money laundering tool for credit card thieves.”

There are a few hurdles that should slow down this type of automated thievery. For one, email services could require phone verification, which some are, in fact, doing. VoIP burner numbers are still easy to get, but at least phone verification would make it tougher to get email accounts in bulk.

For another thing, Apple does try to validate the credit cards by charging, and then refunding, $1. But Kromtech isn’t impressed by the company’s verification processes, given that researchers spotted many transactions that went through using cards that had an incorrect name and address.

Perhaps verification is minimal due to the low dollar amount of the charge, but a stricter credit card verification would make it a bit more difficult for the carders.

Kromtech has notified the US Department of Justice about the operation. Ditto for Supercell and Apple. I’ve reached out to Apple for a comment and will update the story if I hear back.

While the focus here is on Apple, Google Play isn’t immune to this type of abuse either. Kromtech’s researchers said they saw instructions on how to rebind Google accounts, with payments, to user IDs in Supercell. Rebinding means that a player can log in on other devices, as long as they remember their binding details.

Don’t play into the scammers’ hands

Kromtech advised players not to fall for offers of cheaper gems/diamonds. They’re scams. Such third-party services request private login data such as Apple ID or your Google Play credentials to access your account, but they often hijack the account and sell it to other players. Also, once they have access to your credentials, scammers can jeopardize not only your gaming security but your financial security, as well.

If that’s not harsh enough, buying gems or diamonds from third-party vendors can lead to having your in-app currency revoked, or even get your account permanently banned.

Finally, here’s a rare thumbs-up for unsecured databases: Like we’ve said in the past, they’re still the low-hanging fruit of the internet.

MongoDB, a NoSQL database, turns up all too frequently in security-breach headlines, which is why we always urge people to make sure they read the security manual of whatever NoSQL database service they’re using, and that they implement all the available security controls.

However, fortunately for all of us law-abiding citizens, carders and other crooks are also mere humans, prone to the same poor database security that others grapple with. This money-laundering scheme came to light because of it – a rare instance of a silver lining on a security failure!

Peer-to-Peer Crypto-Exchanges: A Haven for Money Laundering

By Tara Seals

Buyers and sellers can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.

The need to launder money is omnipresent in the criminal world, and lately, a new way of doing it has come to the fore: peer-to-peer cryptocurrency exchanges.

These exchanges offer one-to-one relationships and transactions; buyers and sellers of virtual currency sign up with their location information, IP address and other data to verify their identity, link to their wallets, and from there can swap and cash out currencies with other people who decide to trust them. Parties sometimes take the relationship offline too, meeting face-to-face to close out deals. After striking a bargain, a buyer can exchange cash in person, transfer bank funds online or can exchange funds for prepaid cards, gift cards or other cryptocurrencies.

These platforms offer an alternative to the marketplace methods represented by big Bitcoin exchanges such as Coinbase, and many users feel they can get better deals and a better service experience by using them. There’s another difference though: Peer-to-peer exchanges are decentralized and often lack the accountability, security and transparency measures used by the larger players.

Coinbase for instance monitors for dark web activity and recently implemented the Know Your Customer identity verification service (not that it’s not in hot water in other ways), which in theory makes it harder for criminals to launder money or use the funds to buy items from the underground. So, peer-to-peer alternatives have started to be a go-to choice for criminals looking to take advantage of the anonymity of cryptocurrency.

“Although certain peer-to-peer cryptocurrency exchanges might willingly cooperate with law enforcement, there are readily available methods that threat actors utilize while laundering their illicitly gained funds to maintain anonymity,” said Flashpoint, which flagged the increasing criminal activity on the exchanges in a post Monday. Intelligence analyst Kathleen Weinberger told Threatpost that these include tried-and-true methods like using forged documents to sign up for the services.

“A lot of what’s going on here is just a criminal rather than a technical story,” she said in an interview. “It’s easy to look for a technical solution to prevent this – there certainly is one (or rather a thousand of them). But there’s pressure on services to try and make their service usable – they don’t want their average user having to struggle for days to have their identity verified. At the same time, they have to make sure that this isn’t getting in the way of things being safe and accountable.”

Being a relatively new arena, that’s a work in progress. So for now, “it’s law enforcement having to crack down on those buying and selling identities and fake documents to combat this,” she said.

Law enforcement has seen some successes despite the hurdles that the exchanges present; for instance, OxyMonster, a notorious dark web purveyor of drugs and other illicit goods, was nabbed in May after detectives made a connection between a Facebook page and his dark web site on the Dream marketplace. Even though he was using a peer-to-peer Bitcoin “tip jar” for transactions, they managed to track him down by other means, arresting him as he entered the country from France, on his way to a beard contest in Miami.

Because of this Wild West element, Flashpoint analysts have observed a growing number of underground discussions around using these exchanges for criminal means, including recommendations around certain peer-to-peer services that threat actors consider valuable or the safest. Some discussions include listings of established—also known as “aged”—local exchange accounts for sale, which are less likely to be flagged for fraud because they have the appearance of long-term use.

“Discussions among threat actors in these forums primarily are concerned with recruiting others to cash-out schemes,” explained Flashpoint. “They also spell out the prerequisites for others to join and the terms necessary to convert stolen funds to Bitcoin or Monero, even in large amounts.”

Some discussions around peer-to-peer exchanges date back at least four years, but the interest is growing and likely to continue as larger exchanges stiffen their security controls.

“We’ve seen threat actors on a daily or weekly basis looking for ways to clean Bitcoin or Monero – it’s not a huge secret,” Flashpoint intelligence analyst Carles Lopez-Penalver said in an interview. “It’s somewhat easy to commit tax fraud and money laundering in general, or to purchase drugs with these methods, so the government needs to crack down. I appreciate blockchain technology – but I think that there has to be a better understanding of what’s happening out there, and that people are doing very bad things with cryptocurrency.”
