MT.GOX logo on screen smartphone with bitcoin. MT.GOX is popular largest cryptocurrency exchange on the market.

US Feds indict Russian nationals linked to Mt Gox hack, BTC-e laundering

Getting your Trinity Audio player ready...

Mt. Gox was hacked by Russian nationals who used the defunct BTC-e digital asset exchange to launder their ill-gotten gains, according to U.S. federal prosecutors.

On Friday, the Department of Justice (DOJ) announced that it had unsealed an indictment accusing Alexey Bilyuchenko and Aleksandr Verner of conspiring to launder approximately 647,000 BTC tokens stolen from the Mt. Gox exchange in 2011. Additionally, Bilyuchenko is accused of assisting his countryman, Alexander Vinnik, in operating BTC-e from 2011 to 2017.

At the time Mt. Gox was hacked, it was by far the biggest BTC exchange going. The hack, along with its operators’ ham-fisted efforts to obfuscate the reality of the situation, contributed to Mt. Gox’s demise in February 2014. Incredibly, nearly a decade later, Mt. Gox customers are still waiting to achieve partial recovery of their stolen assets.

The indictments say Bilyuchenko, Verner, and their co-conspirators “allegedly gained unauthorized access to the server holding the cryptocurrency wallets for Mt. Gox.” They used this access to transfer the 647,000 BTC from Mt. Gox to wallets controlled by the thieves.

The ill-gotten gains were then laundered through accounts under their control at BTC-e and via the San Francisco-based Trade Hill exchange, which shut down in 2013. Three of the accused also funneled payments to personal accounts at the Bitstamp exchange.

In or about April 2012, Bilyuchenko, Verner, and their co-conspirators allegedly “negotiated and entered into a fraudulent contract to provide purported advertising services to a Bitcoin brokerage service” based in New York.

The thieves used this contract to “conceal and liquidate” their stolen tokens by convincing the unspecified New York broker to “make large wire transfers into various offshore bank accounts, including in the names of shell corporations” under the thieves’ control.

Between March 2012 and April 2013, this broker transferred over $6.6 million in cash to the thieves’ overseas bank accounts. In exchange, the broker received “credit” on another exchange through which the thieves had laundered 300,000 of the BTC stolen from Mt. Gox.

The case is being handled by the U.S. Attorney’s Office for the Southern District of New York’s Complex Frauds and Cybercrime Unit, with the assistance of the Federal Bureau of Investigation (FBI) and the Internal Revenue Service’s Criminal Investigation (IRS-CI) division.

The Mt. Gox indictment was originally filed in December 2019. Given that neither Bilyuchenko nor Verner appears to be in U.S. custody, it’s not entirely clear why the charges have been made public now. However, a separate indictment unsealed Friday may offer some clues.

NorCal v. BTC-e

The DOJ’s announcement of the second indictment in the Northern District of California (NDCA) accuses Bilyuchenko of involvement with Vinnik and others in the operation of BTC-e from its 2011 launch to its shutdown by U.S. authorities in July 2017.

previous version of this indictment—which dates back to May 2016—makes no mention of Bilyuchenko. The listed defendants are Vinnik, Andrey Nikonorov, Stanislav Golovanov, and Alexander Buyanov, all of whom were charged with money laundering conspiracy and operating an unlicensed money services business.

However, the NDCA filed a Superseding Indictment in 2017 “clarifying Vinnik’s role in BTC-e, which included actions previously attributed to Nikonorov, Golovanov, and Buyanov.” Vinnik’s efforts to “conceal his true identity” in regard to his BTC-e activities included “appropriating the identities” of the three other Russian nationals.

Vinnik is currently in U.S. custody, having been extradited from Greece in August 2022 following his arrest by local authorities at the request of their U.S. counterparts. Before that transfer could be made, Vinnik was sent to France to face money laundering charges based on his involvement in ransomware attacks, for which he was sentenced to five years in prison in 2020.

However, U.S. authorities ultimately got their man, leading Vinnik to appeal to Russian officials to arrange a prisoner swap. This campaign remains ongoing, spurred by Russia’s recent detention/kidnapping of a Wall Street Journal reporter on bogus espionage charges.

At its peak, BTC-e had over 1 million customers, some of whom used the exchange to launder the “criminal proceeds of numerous computer intrusions and hacking incidents, ransomware events, identity theft schemes, corrupt public officials, and narcotics distribution rings.” The indictment claims BTC-e received “a substantial portion” of the proceeds of “one of the largest ransomware schemes, CryptoWall.”

Criminals apparently found BTC-e’s utter lack of anti-money laundering and Know Your Customer (KYC) controls very appealing. The defendants are said to have “intentionally created, structured, and operated BTC-e as a criminal business venture” for themselves and unaffiliated crooks.

The indictment claims BTC-e’s criminal activity was “partially enabled and supported” by the Russian-controlled payment processor Mayzus Financial Ltd (formerly UWC Financial Services, which also did business with Liberty Reserve) and its affiliated processor, Money Polo.

Foolishly, BTC-e maintained its servers in the U.S. and catered to a significant number of U.S.-based customers, despite publicly claiming otherwise. These customers included “a pair of corrupt U.S. federal agents, Carl Mark Force and Shaun Bridges,” who each used BTC-e to launder “several hundred thousand dollars” they’d pilfered during the FBI’s investigation of the Silk Road darknet marketplace.

BTC-e publicly celebrated its commitment to due diligence, claiming to require scans of I.D. cards, utility bills, and bank statements when customers opened an account. In reality, “no customer identification whatsoever was required to set up BTC-e accounts,” merely an email address and a user name.

As with the recent U.S. Security and Exchange Commission lawsuit against Binance, which showed internal communications of senior staff openly discussing criminality, the BTC-e indictment reveals that forum messages “openly and explicitly reflected some of the criminal activity in which the users on the platform were engaged, and how they used BTC-e to launder funds.”

The U.S. Attorney’s Office for the NDCA is getting help from the FBI, the IRS-CI, as well as the Secret Service Investigative Division, and Homeland Security Investigations.

Interestingly, the indictment lists the name of the NDCA Assistant U.S. Attorney at the time as none other than Kathryn Haun, who has since embraced digital assets in a major way. Haun formerly served as a general partner at notorious token pumpers/dumpers a16z (Andreessen Horowitz)—and is a director of Coinbase (NASDAQ: COIN), the primary venue for a16z to dump its tokens—before establishing her own Haun Ventures crypto fund.

Roger dodger

Of course, one can’t mention Mt Gox without referencing Roger Ver, who infamously assured the exchange’s customers that all was well mere months before the exchange went under. Since then, Ver has failed to honor a $47 million marker that led to the demise of the CoinFLEX exchange, served as the central figure of an anti-competitive campaign to delist BSV from exchanges, and defamed Dr. Craig Wright.

Predictably, considering his ‘Where’s Crypto Waldo’ status, there’s a Ver link to the DOJ’s case against Bilyuchenko and Verner. A recently unsealed Department of Homeland Security (DHS) report cites transactions between BTC-e, the Charlie Shrem-founded/Ver-funded Bitinstant exchange, and Ver’s own Memory Dealers, a BTC-friendly online tech hardware marketplace.

CoinDesk quotes the DHS report detailing $2.5 million in transfers from BitInstant and Memory Dealers to a bank account controlled by Canton Business Corporation, BTC-e’s Seychelles-registered shell company. The transfers were labeled ‘Internet Advertisement Agreement,’ but investigators couldn’t identify any advertising services performed by BTC-e in return for these millions.

The payments were made between April and November 2013. Ver is supposed to have stepped down as Memory Dealers’ CEO the previous year, although he didn’t end his relationship with the site until 2018, and he continues to use the MemoryDealers account on Reddit.

Wen Binance?

With the DOJ’s renewed interest in pursuing crypto criminals regardless of the vintage of their crimes, anticipation grows as to when the SDNY will file criminal charges against Binance and its founder, Changpeng ‘CZ’ Zhao.

The suits filed by the SEC and the Commodity Futures Trading Commission (CFTC) offer ample evidence of flagrant lawbreaking, with CZ quoted frequently in internal communications advising and urging his underlings to commit federal crimes. That’s more than enough to trigger charges under the U.S. Racketeering Influenced and Corrupt Organizations (RICO) Act, with stiff sentences for each count.

CZ is said to be laying low in Dubai, but the SEC has asked the U.S. District Court for the District of Columbia for permission to serve its summons “via alternative means.” This includes sending the summons to CZ’s attorneys, whose whereabouts aren’t such a closely guarded secret.

All that’s really needed now is something to smoke CZ out of his hole and into an international airport, where an Interpol Red Notice likely awaits. After that, CZ can look forward to a more permanent address, the maximum-security kind.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple,
Ethereum, FTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.