The world of cryptocurrency seems to attract a few unsavoury characters from time to time, with the latest installment being two Russian men who are accused of stealing nearly $17 million in virtual currencies. U.S. authorities caught on to their activities and had been tracking them for some time before announcing that they’d filed criminal charges and financial sanctions against the two men. The men managed to steal the funds through fraudulent attacks, carried out between 2017 and 2018, in which they imitated websites promoting cryptocurrency exchange fees and phished for important personal data. While this case says nothing directly about the security of cryptocurrencies, it does highlight a problem with the current shared webspace and how easily users can be fooled by spoofed sites.
The Justice Department alleges that the Russian duo, Danil Potekhin and Dmitrii Karasavidi, were responsible for the insidious money laundering campaign that resulted in the theft of $16.8 million in cryptocurrency and fiat money from victims worldwide. In addition, the U.S. Treasury Department announced economic sanctions against the pair, meaning it is now a crime to transact with them. While this is positive news, seizing cryptocurrency, which changes hands through anonymous trades, is no easy feat. It will take some time to reclaim the funds, if they can be reclaimed at all. Moreover, the leadership of Vladimir Putin in Russia raises the possibility that Potekhin and Karasavidi may avoid prosecution for their criminal activity, as Putin once declared that hackers wouldn’t be prosecuted as long as the hacking is done outside of Russia. While there is still speculation regarding this statement, it certainly doesn’t give much comfort to the victims.
It’s not entirely clear what the duo did, but according to the indictments they set up fake websites that mimicked login pages for the currency exchange sites Binance, Gemini and Poloniex. They then accessed the accounts with the stolen login details and stole funds directly from client accounts. It is claimed that they stole more than $10 million from 142 Binance victims, $5 million from 158 Poloniex users, and just over $1 million from 42 Gemini customers. Prosecutors claim the men laundered the stolen money through fictitious cryptocurrency accounts on the aforementioned cryptocurrency exchange platforms. To stretch their profits, the pair then artificially inflated the value of their stolen funds, increasing the overall gain from the theft. It was a well-calculated plan by two individuals who are extremely knowledgeable about blockchain and the crimes they committed. It’s a staggering amount of money, but the means used to fraudulently access client accounts aren’t particularly groundbreaking, nor are they related to the overall security of blockchain.
Although this seems to be just the start of the process of bringing the Russian pair to justice, there is some relief for the victims of these attacks. The U.S. Treasury Department released a statement to say the government had seized millions of dollars from Karasavidi’s account. This isn’t to say the funds will be immediately returned to the victims’ accounts; it’s just the start of a long process to remedy the situation. The structure of blockchain will make returning the funds to victims a particularly difficult task, and it could take years. However, one must assume this will happen again, and measures must be put in place to rectify the situation for the victims of this and any future attack.