Prosecutors Detail Russians’ Crypto Phishing Scheme in Forfeiture Suit

Sep 17, 2020 at 16:11 UTC

Danil Potekhin and Dimitrii Karasavidi face a growing list of U.S. legal troubles. (wk1003mike/Shutterstock)

The two Russians who were sanctioned earlier this week by the U.S. Treasury Department on accusations of being crypto thieves allegedly got their millions through market manipulation and phishing. 

Prosecutors detailed Danil Potekhin and Dimitrii Karasavidi’s alleged heists, victims and target exchanges in a 30-page forfeiture complaint filed Wednesday against the pair’s previously seized crypto funds.

• Karasavidi and Potekhin allegedly “deployed” a series of bogus Poloniex, Gemini and Binance lookalike sites that duped unwitting users into sharing their login credentials, giving the hackers control of wallets. 
• They then “drained” $20 million worth of bitcoin (BTC), ether (ETH) and NEO from victims’ accounts, according to the complaint. Prosecutors said the lion’s share ended up in Karasavidi’s Bitfinex account.
• Other funds were frozen by Poloniex and quickly seized by authorities, who filed the lawsuit to take control of 15,602 ETH, 199.8 BTC, $6.1 million in cash and 1,199 NEO, a total worth $14.2 million at press time.
• That ETH haul was actually the product of a separate hacker scheme: market manipulation, authorities say. 

In late October 2017, hackers pumped $5 million of one victim’s crypto into NEO’s Gas market, skyrocketing the usually sleepy token’s value 13,000% before ordering their personal gas-holding Poloniex accounts to cash out into ETH. The victim “lost virtually all of his $5 million in cryptocurrency,” prosecutors alleged.

• Prosecutors also claimed the hackers attempted to cover up the stolen crypto’s origin by “layering” funds – a classic money-laundering technique. 
• Treasury officials said they used “blockchain tracing analysis” to follow the ETH from the Poloniex manipulation and the Poloniex, Binance and Gemini phishing schemes into Karasavidi’s Bitfinex account.
• They further claimed to have identified Potekhin as the owner of multiple misspelled Poloniex domain names linked to the phishing scheme.
• Similar tactics were used against Binance and Gemini customers, the regulator said in the lawsuit.

Karasavidi and Potekhin face a mounting lineup of legal troubles. This week, they’ve been added to the Treasury Department’s OFAC blacklist and also face federal wire fraud, hacking and money laundering charges.

Read more about…

RussiaSanctionsPhishing ScamCoinFlash

Disclosure

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.