Suspects Allegedly Used Phishing Techniques to Help Steal Over $16 Million
Two Russian nationals have been charged with using phishing techniques and spoofed domains to steal over $16 million from three cryptocurrency exchanges in 2017 and 2018, according to the U.S. Justice Department.
Danil Potekhin and Dmitrii Karasavidi face charges that include conspiracy to commit computer fraud and abuse, computer fraud, conspiracy to commit wire fraud, money laundering conspiracy and aggravated identity theft, according to a superseding federal indictment unsealed Wednesday.
The two most serious charges – conspiracy to commit wire fraud and conspiracy to commit money laundering – each carry a maximum 20-year prison sentence.
In addition to the criminal charges, the Treasury Department issued sanctions against both Potekhin and Karasavidi to assist the Justice Department with recovering some of the allegedly stolen cryptocurrency. The sanctions mean that American citizens and companies are now forbidden to do business with either of the two suspects in this case.
Federal prosecutors did not indicate whether Potekhin and Karasavidi continue to live in Russia outside the reach of U.S. law enforcement.
The scheme that led to the theft of approximately $16.8 million in cryptocurrency started in July 2017, according to the Justice Department.
Potekhin and Karasavidi allegedly targeted three cryptocurrency exchanges: Poloniex of Delaware and Gemini Trust Company of New York, as well as Binance, which was located in Hong Kong and has since moved to Malta, according to court papers.
Potekhin created spoofed domains that resembled legitimate cryptocurrency exchanges, according to federal prosecutors. Then, he and others used phishing emails to trick victims into visiting these malicious domains and entering their email addresses, passwords and other personal information, which were then harvested by the fraudsters.
Once Potekhin collected the stolen credentials, he and others began accessing customer accounts to steal cryptocurrency or launder their digital funds, according to the Justice Department.
Potekhin and Karasavidi were allegedly able to access digital wallets and steal large amounts of cryptocurrency, which included bitcoin as well as ether virtual coins, according to prosecutors. Over the course of several weeks in August 2017, for example, the two managed to steal about $700,000 from Poloniex customer accounts, the indictment notes.
In addition to stealing credentials from exchange customers to access their cryptocurrency, Potekhin and Karasavidi manipulated some virtual currency markets to make an illegal profit, prosecutors allege.
In 2017, Potekhin and Karasavidi used their access to the compromised and fictitious Poloniex accounts to buy an inexpensive virtual currency called GAS, the indictment states. In October of that year, the two men then accessed three other compromised cryptocurrency accounts worth a total of $5 million and began buying GAS virtual coins, which quickly inflated the price from $18 to more than $2,400, the Justice Department alleges.
“The defendants and their co-conspirators then quickly converted the digital currency in their fictitious accounts from GAS to bitcoin and other digital currencies, causing the value of GAS to plummet and leaving the value of GAS that remained in the victim customer accounts worthless, causing a loss to these three victims of approximately $5 million,” according to the Justice Department.
Both Potekhin and Karasavidi attempted a similar currency manipulation scheme in March 2018, according to the indictment. Federal prosecutors believe the two men compromised or created over 300 accounts within the Poloniex exchange as well as 142 accounts on Binance and 42 on Gemini.