FBI Announces Crypto Crime Division to Tackle Ongoing Ransomware Attacks

The US Department of Justice has announced the establishment of the National Cryptocurrency Enforcement Team (NCET). The unit, which will specialise in crypto-related crime, has also appointed its first director – long-time prosecutor Eun Young Choi.

The Federal Bureau of Investigation (FBI) released a statement on February 17 detailing the announcement. NCET aims to counter the criminal misuse of digital assets, and the team will be composed of prosecutors with backgrounds in crypto, money laundering, forfeiture and cybercrime. The proliferation of ransomware will be a particular concern of the unit.

Director Choi, who has a decade’s experience as a cybersecurity prosecutor, has stated she is excited to lead the team:

[As the world of] digital assets grows and evolves, the department, in turn, accelerates and expands its efforts to combat their illicit abuse by criminals of all kinds.

NCET director Eun Young Choi

The NCET announcement has stirred a lot of discussion on Twitter, with many questioning whether the US government has ulterior motives.

FBI’s Recent Crypto History

The US government has intervened in several crypto-related matters over recent years. Notably, the Justice Department impounded US$3.6 billion in bitcoin earlier this month. This was accompanied by the arrest of a would-be rapper and her husband on charges of conspiring to launder some of the funds, part of the proceeds of the notorious Bitfinex hack of 2016.

In late 2021, US law enforcement seized an impressive US$154 million in bitcoin that had been stolen from Sony Life Insurance Company Ltd. The money had been embezzled by a rogue employee using a business email compromise.

By Lauren Claxton, Crypto News Guest Author


UK Authorities Make First NFT Seizure, Worth $1.9 Million

In what is claimed to be the first haul of its kind in the UK, tax authorities have seized three NFTs valued at US$1.9 million as part of an investigation into an elaborate tax evasion scheme.

On February 14, Her Majesty’s Revenue and Customs (HMRC) arrested three people alleged to have conducted the fraud, which involved the use of false identities and a vast network of 250 fake ‘shell’ companies. In addition to the NFTs, other digital assets valued at approximately A$9,500 were also seized.

A Questionable Milestone? 

Many in the crypto community saw the seizure as something of a milestone and an official acknowledgment that NFTs can be genuinely valuable assets, similar to real estate or motor vehicles – even as they joked about it: 

One user joked about NFT asset seizures. Source: @3thirty3tv via Twitter

Seizure Signals Value of NFTs

It’s important to note that the NFTs were not actually used to commit the fraud, but seized as assets. It’s common practice for authorities to impound assets in tax-evasion cases to cover the cost of court proceedings and lost tax. What makes this case exceptional is that authorities have seized NFTs as assets for the first time.

This may be the first NFT seizure during a criminal investigation in the UK, but it’s not the first time crypto has been seized: last year London’s Metropolitan Police impounded US$160 million in cryptocurrency as part of a money-laundering investigation.


Bitfinex Hack and Bitcoin Laundering Scheme Coming to Netflix

Remember the Bitfinex hack of 2016? Well, this real-life story is now coming to Netflix as a documentary series about the married couple who allegedly laundered part of the proceeds of the hack – an aspiring rapper called Heather Morgan and her husband, Ilya “Dutch” Lichtenstein, both arrested in New York last week.

Streaming giant Netflix will produce the series centred on the Bitfinex hack, which amounted to 120,000 BTC or around US$4.5 billion. It will be directed by American filmmaker and producer Chris Smith.

Morgan and Lichtenstein were arrested on charges of laundering over US$3.6 billion worth of Bitcoin, almost three-quarters of the hack’s total proceeds. Investigators tracked movement of the assets on the blockchain as the couple tried to liquidate them by buying and selling NFTs (non-fungible tokens) and physical gold, using fake identities and online accounts.

Whale Alert Spots 10,000 BTC From Bitfinex Hack

Earlier this month, Whale Alert reported that almost US$400 million in proceeds from the Bitfinex hack had been transferred to an unknown wallet.

As an interesting side note, the LEO token, a basic exchange utility token used on Bitfinex to lower trading fees, surged 60 percent in value following the seizure of the 120,000 BTC.


Tweet NFT Marketplace ‘Cent’ Halts Sales Citing ‘Rampant Plagiarism’

NFT marketplace “Cent” has had to temporarily halt most transactions on its platform to address “rampant” sales of fake and plagiarised NFTs.

While the marketplace has had to pause NFT sales, one part of the platform that sells NFTs of tweets, called “Valuables”, remains active.

People Selling Content They Didn’t Own

Cent, most famous for helping Jack Dorsey auction an NFT of his first tweet for US$2.9 million last year, has paused most transactions because it claims people were selling tokens of content that did not belong to them. Cameron Hejazi, CEO and founder of the company, said Cent called the halt on February 6.

Sales of NFTs generated US$25 billion in 2021, so it is expected that reports of scams, counterfeits and “wash trading” have become commonplace. Some Twitter users grabbed the opportunity to mock the situation.

According to Hejazi, “There’s a spectrum of activity that is happening that basically shouldn’t be happening – like, legally.” The CEO also highlighted three main problems active in the marketplace:

  • people selling unauthorised copies of other NFTs;
  • people making NFTs of content that does not belong to them; and
  • people selling sets of NFTs that resemble a security.

Hejazi added that these issues were “rampant”, with users “minting and minting and minting counterfeit digital assets”.

It kept happening. We would ban offending accounts but it was like we’re playing a game of whack-a-mole … Every time we would ban one, another one would come up, or three more would come up.

Cameron Hejazi, CEO and co-founder, Cent

Issues Come with the Territory

Just as NFTs have exploded in popularity and sales, so issues are sure to arise. In November last year, users were left puzzled when the front-end of Tezos-based NFT marketplace Hic et Nunc disappeared. More recently, OpenSea also experienced some issues when an update left some creators unable to mint new NFTs.


The Story of a Wannabe Rapper and How US Officials Seized $3.6 Billion in BTC

The US Justice Department has impounded US$3.6 billion in bitcoin and arrested a would-be rapper and her husband for conspiring to launder some of the funds – believed to be among the proceeds of the infamous Bitfinex hack of 2016.

According to the FBI, Heather Morgan and her husband Ilya Lichtenstein spent part of the proceeds on gold, NFTs, and other items. Each faces up to 25 years in a federal prison if convicted.

Rather than keep a low profile as you’d expect of alleged crypto criminals, Morgan in particular has a social media presence befitting her status as an aspiring rapper, published writer and influencer. She even has a website dedicated to her rapper alter-ego, named “Razzlekhan”.

Morgan’s LinkedIn profile notes her economics degree, while as a journalist the 31-year-old has been published in Inc and Forbes magazines, with the latter running an article of hers ironically titled “How to Protect Your Business From Cyber Criminals”.

How the FBI ‘Followed the Money’

The Bitfinex hack involved the theft of 119,756 bitcoin (worth just US$72 million at the time) following a security breach at the exchange. The amount stolen is now valued at more than US$5.1 billion.

In the five years since the hack, small amounts of BTC have periodically been moved in separate transactions, leaving the bulk of the funds untouched. The Justice Department traced 25,000 BTC of these transferred funds to financial accounts controlled by Lichtenstein and Morgan. Special agents were then able to gain access to and seize more than 94,000 BTC – worth US$3.6 billion at the time – from Morgan and Lichtenstein after a search warrant allowed them to view files containing private keys to several wallets, which just days ago were consolidated into a single wallet.

Morgan and Lichtenstein allegedly used a variety of methods to launder the illicit crypto, including chain hopping, depositing the coins at exchanges and darknet markets and withdrawing them, and automating transactions using computer programs. In addition, the pair set up business accounts in the US to “legitimise their banking activity”.

“[These] arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals,” said US Deputy Attorney General Lisa Monaco.

“The [Justice] department once again showed how it can and will follow the money, no matter what form it takes.”

US Deputy Attorney General Lisa Monaco

The Justice Department must, of course, still prove its allegations in court that Morgan and Lichtenstein laundered the US$4.5 billion in bitcoin stolen from Bitfinex in 2016. The hack is a separate matter.


YouTuber ‘Ice Poseidon’ Admits Stealing $500,000 in Blatant Crypto Scam

Ice Poseidon, also known as Paul Denino, a YouTube streamer and internet personality, has admitted to scamming fans out of US$500,000 in a crypto pump-and-dump scheme. When confronted by YouTuber Coffeezilla, he showed little remorse.

Fellow YouTuber Takes Denino to Task

The scheme involved Denino raising the value of a new crypto, CXcoin, by getting his many fans to invest. After promising sceptics and doubters that the scheme was a long-term project, he sold all his currency, causing the remainder held by his fans and investors to plummet – classic pump and dump. In July last year, YouTuber Logan Paul was slammed after Dink Doink, a coin he had been promoting, crashed 95 percent in just two weeks.

In a recent video, Coffeezilla shared his findings on Ice Poseidon’s CXcoin.

According to Coffeezilla, Denino personally made off with over US$300,000 while using the remaining US$200,000 to pay developers.

During the call between Coffeezilla and Denino, the latter seemed rather remorseless, stating that “part of the responsibility is on them [the fans] as well, for putting too much emotion into it”. Denino added: “Sometimes you have to look out for yourself.”

When asked if he could return the money if he wanted to, Denino replied: “If you want the answer, yeah, I could give the money back, it is within my power, but I am going to look out for myself and not do that.”

In a later Tweet, Coffeezilla said Denino claimed he would be returning US$155,000 after realising the story would be published. However, he has apparently returned only US$40,000 thus far.


Australian Billionaire Launches Criminal Case Against Meta for Fake Crypto Ads

Australian mining magnate Andrew ‘Twiggy’ Forrest has launched criminal proceedings against Mark Zuckerberg’s Meta conglomerate, alleging its Facebook social media arm breached Australia’s money laundering laws by failing to police false crypto advertisements.

Forrest, billionaire chairman of iron ore giant Fortescue Metals, has filed his criminal lawsuit against Meta in the Magistrates Court of Western Australia, having already launched related civil proceedings in the US state of California last September.

In charges brought under the Australian Commonwealth Criminal Code, Forrest alleges Facebook has repeatedly failed to remove posts by scammers that used his image, among those of other celebrities, to promote crypto investments on the site since March 2019.

Andrew ‘Twiggy’ Forrest, chairman of Fortescue Metals. Source: cnn.com

According to Forrest’s complaint, the company’s failure to prevent or remove the ads constitutes “criminally reckless” behaviour. Forrest further alleges that Facebook “failed to create controls or a corporate culture to prevent its systems being used to commit crime”.

‘World-First’ Criminal Action Against the Social Media Giant

In a statement, Forrest said he was launching the “world-first” action on behalf of “everyday Australians” to protect their savings from being “swindled away by scammers”.

“I’m concerned about innocent Australians being scammed through clickbait advertising on social media,” Forrest said. “I’m committed to ensuring social media operators don’t allow their sites to be used by criminal syndicates.

Social media is part of our lives, but it’s in the public interest for more to be done to ensure fraud on social media platforms is eliminated or significantly reduced.

Andrew ‘Twiggy’ Forrest, Australian mining magnate

An initial hearing of Forrest’s complaint will take place on March 28, with the separate civil case pending in the Superior Court of California. A Meta spokesperson said the company was unable to comment on either court action, but provided a broader statement about scams on Facebook:

We don’t want ads seeking to scam people out of money or mislead people on Facebook – they violate our policies and are not good for our community. We take a multifaceted approach to stop these ads, working not just to detect and reject the ads themselves but also block advertisers from our services and, in some cases, take court action to enforce our policies. We’re committed to keeping these people off our platform.

Statement from Meta spokesperson

Meta Share Price Tanks, $200B Wiped Off Market Cap

It’s been a pretty ordinary start to the year for Meta, whose share price plunged 26 percent this week in what was the biggest single-day slide in market value for a US company. The drop erased over US$200 billion from Meta’s market capitalisation and around US$29 billion from CEO Zuckerberg’s net worth.

Yet Meta is not the only entity under fire for its advertising practices, with Spain, Singapore and the UK the latest jurisdictions to have made changes to their crypto advertising regulations. Last year, Google reviewed its crypto advertising policy after lifting its ban and adding specific requirements to which advertisers have to adhere.


Alert: New Malware ‘Mars Stealer’ Targets 2FAs and Crypto Hot Wallets   

A new information-stealing malware has been spotted in the wild targeting over 40 crypto hot wallets, browsers, and 2-factor authentication (2FA) plug-ins. Named ‘Mars Stealer’, it is an improved version of the older Oski malware that shut down in 2020 after customer support and the Telegram went dark.

The new malware has recently been spotted circulating on Russian-speaking hacking forums where people can purchase it for between US$140 and $160.

Screenshot of the forum. Source: 3xp0rt.com

How ‘Mars Stealer’ Malware Works

According to @3xp0rt, the security researcher who got his/her hands on the malware to conduct technical analysis on it, the Mars Stealer collects information in the memory of a device. With the ability to target 37 browsers and various crypto wallets, including Bitcoin core wallets and all their derivatives as well as Ethereum, Exodus, Binance and more, the threat is widespread:

Wallets targeted by Mars Stealer. Source: 3xp0rt.com

When targeting wallets, it stores sensitive data found in wallet.dat, which contains the wallet address, the private key to access the address, and other sensitive data. Mars Stealer also targets 2FA apps and more than 40 crypto extensions on Chromium-based browsers, including Google Chrome, Firefox and Brave, but not Opera.

Malware That ‘Speaks’ Only Russian

The malware also contains a function that allows it to remove itself after it has successfully executed or when the operator decides it is time. One of the quirky aspects, though, is that after infecting a system it will check the device language. If the device’s language ID matches that of Russia, Belarus, Kazakhstan, Azerbaijan or Uzbekistan, the program will exit without performing any malicious acts, which is apparently common in much Russian-based malware.

Language checks for target exclusion. Source: 3xp0rt.com

How to Protect Yourself 

Mars Stealer can be spread through many different channels such as file-hosting websites, torrent clients or any other shady downloaders. Users who hold their crypto assets on browser-based wallets or use browser extensions like Authy to utilise 2FA are warned to be cautious about clicking dubious links or downloads.

This comes after BHUNT malware also became more prominent during the past few weeks and Babadeda malware was spread in crypto discord channels last November.


TIME Token Collapses 60% Amid Revelation that Co-Founder is a Known Convict

DeFi (Decentralised Finance) project Wonderland has seen its native token TIME collapse 60 percent after it was revealed it had been co-founded by Michael Patryn, also one of the co-founders of the now-defunct Canadian crypto exchange QuadrigaCX.

0xSifu Steps Down as CEO of Wonderland

The co-founder and chief financial officer of the Avalanche-based DeFi protocol Wonderland had been known as 0xSifu. A user by the name of zachxbt revealed 0xSifu was actually Michael Patryn, who continually changed his identity – to the point of undergoing multiple facial surgeries – to avoid detection by police.

Before he was Michael Patryn, 0xSifu went by the name of Omar Dahini, then Omar Patryn. He was part of a criminal organisation called Shadowcrew, whose operations consisted of trafficking stolen credit and identity information using E-gold, a privacy-focused digital currency issued in 1996.

Two faces of Michael Patryn. Source: davidgerard.co.uk

QuadrigaCX was a Canadian crypto exchange owned and operated by Gerald Cotten, who died unexpectedly in 2018, his body cremated before anyone could verify his death. The eerie side is that he took with him more than US$160 million of investors’ money, but Omar (Patryn) and his wife ended up with the majority of the assets.

Everyone ‘Deserves a Second Chance’

Daniele Sesta, the other co-founder of Wonderland, said he knew about Patryn’s criminal past and the numerous Ponzi projects he had led. Despite Patryn’s long criminal record, Sesta decided to keep him on as Wonderland’s treasury manager.

I found out about this one month ago. I am of the opinion of giving second chances, as I have mentioned on Twitter. I’ve seen the community very divided about my choice of maintaining [Patryn] as the treasury manager after finding out who he was and his past.

Daniele Sesta, blog post

This sparked outrage in the Wonderland community, many of whom are accusing Sesta of being Patryn’s accomplice, or even being Patryn himself.

The voting process to remove Patryn from his positions ended on January 29, with 87.56 percent voting in favour of removing 0xSifu and 12.44 percent voting to keep him.

Sesta Swimming in Hot Water

Wonderland members on Twitter, Reddit, Discord, and all other social media channels related to the project, are now questioning Sesta’s legitimacy and his overall financial background.

An example of Reddit users being up in arms. Source: Reddit

Did Cotten Really Die?

Gerald Cotten reportedly died from Crohn’s disease in 2018. The keys to the digital vault containing a massive fortune in Bitcoin were buried with him.

The event was so controversial that it was covered by worldwide media, even inspiring documentaries and movies. As Crypto News Australia reported last year, a documentary titled Dead Man Switch was screened at the Melbourne Film Festival in August, leaving a handful of questions unanswered – including whether he had faked his own death in an elaborate “exit scam”.


Report Shows $33 Billion in Crypto ‘Money Laundering’ by Cybercriminals

New research by blockchain data firm Chainalysis shows there has been an estimated US$33 billion laundered through crypto in the past five years, mainly through centralised exchanges, but as of 2021 there has been a major increase in money laundered through DeFi.

Chainalysis has released a preview of its 2022 Crypto Crime Report detailing how illicit funds have been moved over the blockchain and its various services. The total value of cryptocurrencies laundered by services in 2021 was estimated at US$8.6 billion.

Total crypto laundered. Source: Chainalysis

That figure was up 30 percent on the previous year, which was expected, given the boom in both legal and illegal activities in the crypto space. However, the figure is down 23 percent from 2019, which was the most significant year for laundered crypto.

These numbers only account for funds obtained from “cryptocurrency-native” crime, meaning activities such as darknet market or ransomware attacks in which profits are virtually always denominated in cryptocurrency. In spite of the billions of laundered dollars, money laundering accounted for only 0.05 percent of all cryptocurrency transaction volume in 2021.

Destination of funds leaving illicit addresses by crime type. Source: Chainalysis

One thing that stands out is the difference in laundering strategies between the two highest-grossing forms of cryptocurrency-based crime in 2021: theft and scamming. Researchers think this might be because more cryptocurrency was stolen from DeFi protocols than from any other type of platform last year, and because of the technical skills required to launder money. For example, a DeFi hacker would have better technical skills and use different means to launder money than a scammer using a centralised exchange.

Easier to Track Laundering on the Blockchain

It’s considerably more difficult to track illicit funds when they are first converted to crypto from fiat. But due to the inherent transparency of blockchains, analysts can more easily trace how criminals move cryptocurrency between wallets and services in their efforts to convert funds into cash.

Destination of funds leaving illicit addresses between 2016 – 2021. Source: Chainalysis

Since 2018, centralised exchanges have been the main conduit for money laundering, with 58 percent of laundered crypto funnelled into just five trading platforms.

Increase in Laundering Through DeFi

Last year, for the first time since 2018, centralised exchanges did not receive the majority of funds sent by illicit addresses. Instead, DeFi protocols are making up much of the difference. The report states that DeFi protocols received 17 percent of all funds sent from illicit wallets in 2021, up from 2 percent the previous year. 

YoY % growth in value by category. Source: Chainalysis

This phenomenon translates to a 1,964 percent year-on-year increase in total value received by DeFi protocols from illicit addresses, reaching a total of US$900 million in 2021.

North Korea at the Forefront of Money Laundering

Kim Grauer, Chainalysis’ director of research, says that “there are certain types of criminals in particular that lean into technological advancements more quickly”, adding that “North Korea is always the first to use a new kind of tech solution for laundering money. We follow them each year, and this year they’ve used a lot of mixers. Last year, they were using DeFi.”

This year “is already off to a big start for NFT crime”, Grauer says, pointing to the rise in wash trading on NFT platforms. “This is definitely going to continue.”