Crimes

US Justice Department seized $500K in fiat and crypto from hackers connected to DPRK

Deputy Attorney General Lisa Monaco said authorities relied on victims to report attacks “as soon as those crimes occur” to help recover funds.

The United States Department of Justice has seized and returned roughly $500,000 in fiat and crypto from a hacking group tied to the North Korean government, which included two crypto payments made by U.S. healthcare providers.

In a Tuesday announcement, the Justice Department said in conjunction with the FBI that it had investigated a $100,000 ransomware payment in Bitcoin (BTC) from a Kansas hospital to a North Korean hacking group in order to regain access to its systems, as well as a $120,000 in BTC payment from a medical provider in Colorado to one of the wallets connected to the aforementioned attack. In May, the FBI filed a seizure warrant for funds from the two ransom attacks and others laundered through China, which the Justice Department reported as worth roughly $500,000 total.

“These sophisticated criminals are constantly pushing boundaries to search for ways to extort money from victims by forcing them to pay ramsons in order to regain control of their computer and record systems,” said Duston Slinkard, U.S. Attorney for the District of Kansas. “What these hackers don’t count on is the tenacity of the U.S. Justice Department in recovering and returning these funds to the rightful owners.”

U.S. Deputy Attorney General Lisa Monaco said in a speech for the International Conference on Cyber Security on Tuesday that authorities relied on victims from the private sector to report ransomware attacks and others “as soon as those crimes occur:”

“If you report that attack, if you report the ransom demand and payment, if you work with the FBI, we can take action; we can follow the money and get it back; we can help prevent the next attack, the next victim; and we can hold cybercriminals accountable. Those companies that work with us will see that we stand with them in the aftermath of an incident.”

According to Monaco, the FBI and Justice Department traced the ransom payments through the blockchain in much the same way they found and seized more than $2 million in crypto following an attack on the Colonial Pipeline system in 2021. The Office of the Attorney General late announced the formation of a National Cryptocurrency Enforcement Team under the Justice Department and a Virtual Asset Exploitation Unit under the FBI. Both teams were aimed at addressing cybercrimes used for “digital extortion” of funds, including crypto.

Related: US federal judge approves of Justice Dept criminal complaint on using crypto to evade sanctions

Hacking groups connected to either North Korea or Russia have reportedly been responsible for many major ransomware and cyber attacks in the United States and globally. In April, the Treasury Department’s Office of Foreign Assets Control named North Korean cyber-criminal Lazarus Group as the entity behind a March 2022 hack of Ronin Bridge, in which more than $600 million in crypto assets were removed.

Korea and US agree to share investigation data on Terra

The two nations have agreed to share their investigation data on the ongoing crypto-related cases including Terra.

South Korean justice minister Han Dong-hoon was in New York recently to discuss various ways in which the two nations can corporate on investigations associated with financial crimes, especially crypto-related crimes.

Hoon met with Securities and Commodities Task Force co-chief Andrea M. Griswold at the United States Attorney’s Office for the Southern District of New York along with Scott Hartman, chief of the Securities and Commodities Fraud Task Force of the same office on Tuesday, reported a local news publication.

The two sides discussed ways to exchange information and strengthen cooperation to ensure timely action on the increasing number of securities frauds associated with the digital asset market, reported the publication. The two sides have reportedly agreed to share their latest investigation data around Terra, a crypto project under investigation in both countries.

Justice Minister Han Dong-hoo (left) meets with prosecution officials from the United States, Source: Yna

The $40 billion Terra ecosystem crash has attracted legal scrutiny from both countries. The U.S has recently opened a new investigation against Terra co-founder Do Kwon, while the South Korean prosecutors are looking into several charges including fraud, market manipulation and tax evasion.

Related: Terra 2.0: A crypto project built on the ruins of $40 billion in investors’ money

The cooperation between the two nations could be the first of many as crypto-related crimes have become the focus of regulators in recent times. South Korea has emerged as one of the most strict nations when it comes to crypto regulations, ensuring strict Know Your Customer (KYC) and Anti-Money Laundering (AML) guidelines.

The Terra saga has also prompted Korean lawmakers to form a new crypto oversight committee to assess the new crypto projects listed on crypto exchanges. Many experts have predicted that the crash of TerraUSD Classic (USTC) would prompt regulators to favor centralized stablecoins over algorithmic ones.

Due to the lack of clear crypto regulations, tracking and prosecuting these crimes, which often involve cross-border transactions and laundering, becomes increasingly difficult and complex. For example, a Dutch university paid 200,000 in Bitcoin (BTC) as a ransom in 2019. The investigators managed to track one wallet to Ukraine and eventually had to work with the local authorities to get back the funds nearly three years after the hack.

Former Monero maintainer Riccardo ‘Fluffypony’ Spagni to surrender for South Africa extradition

Court filings hint at authorities allowing Spagni to be in the United States for the Independence Day holiday weekend before being taken to South Africa early on Tuesday.

Riccardo Spagni, the former maintainer of the privacy coin Monero also known as Fluffypony, faces extradition to South Africa months after his arrest by U.S. authorities.

In a Thursday court filing for the Middle District of Tennessee, Magistrate Judge Alistair Newbern ordered Spagni to surrender to U.S. Marshals on July 5 for extradition to South Africa. He will reportedly face 378 charges related to allegations of fraud and forgery between 2009 and 2011 at a company called Cape Cookies.

U.S. authorities arrested Spagni in Nashville in July 2021 at the request of the South African government, holding him in custody until September. The court filings hint at allowing Spagni to be in the United States for the Independence Day holiday weekend before being taken to Africa early on Tuesday. None of the charges in South Africa are related to Spagni’s time working on Monero (XMR), for which he was the lead maintainer until December 2019.

Related: Privacy coins are surging — Will regulatory pressure stall their stellar run?

Spagni, who posts on Twitter under the handle Fluffypony, has been involved in the crypto space since 2011. Since his arrest in the United States, he tweeted regarding his desire to return to South Africa to “address this matter” related to the fraud charges:

According to data from Cointelegraph Markets, the price of XMR has fallen roughly 8% in the last 24 hours, reaching $110 at the time of publication. As with many cryptocurrencies in the current bear market, the price of the privacy coin has fallen significantly in the last 30 days — roughly 46% from more than $206 on May 31. 

Former Monero maintainer Spagni to surrender for South Africa extradition

Court filings hint at authorities allowing Spagni to be in the United States for the Independence Day holiday weekend before being taken to South Africa early on Tuesday.

Riccardo Spagni, the former maintainer of the privacy coin Monero (XMR), also known as Fluffypony, faces extradition to South Africa months after his arrest by U.S. authorities.

In a Thursday court filing for the Middle District of Tennessee, Magistrate Judge Alistair Newbern ordered Spagni to surrender to U.S. Marshals on July 5 for extradition to South Africa. He will reportedly face 378 charges related to allegations of fraud and forgery between 2009 and 2011 at a company called Cape Cookies.

U.S. authorities arrested Spagni in Nashville in July 2021 at the request of the South African government, holding him in custody until September. The court filings hint at allowing Spagni to be in the United States for the Independence Day holiday weekend before being taken to South Africa early on July 5. None of the charges in South Africa are related to Spagni’s time working on Monero, for which he was the lead maintainer until December 2019.

Related: Privacy coins are surging — Will regulatory pressure stall their stellar run?

Spagni, who posts on Twitter under the handle Fluffypony, has been involved in the crypto space since 2011. Since his arrest in the United States, he tweeted regarding his desire to return to South Africa to “address this matter” related to the fraud charges.

According to data from Cointelegraph Markets, the price of XMR has fallen roughly 8% in the last 24 hours, reaching $110 at the time of publication. As with many cryptocurrencies in the current bear market, the price of the privacy coin has fallen significantly in the last 30 days — roughly 46% from more than $206 on May 31. 

‘Cryptoqueen’ Ruja Ignatova makes FBI’s Ten Most Wanted list

The Bulgarian-German businesswoman was last spotted in Athens in 2017, and now worth up to $100,000 to provide U.S. law enforcement with information about her.

“Crypto” is often used as an honorific inside the community. United States Securities and Exchange Commission member Hester Peirce is called Crypto Mom for her steadfast support for digital assets, and Time magazine crowned Vitalik Buterin the Prince of Crypto. When Ruja Ignatova was given the title “Cryptoqueen” in a 2019 true-crime podcast, however, it was with far less endearment. 

Ignatova was the creator of OneCoin, a purported cryptocurrency that proved to be a Ponzi scheme. According to law enforcement, her OneCoin Ltd. has defrauded more than 3 million investors of more than $4 billion since 2014. Her company has also been accused of bribing the presidents of Serbia and Bulgaria, among other things.

Now Ignatova can add “most wanted” to her titular stylings, thanks to the U.S. Federal Bureau of Investigation (FBI), which placed her on its top-ten list Thursday and will pay up to $100,000 for information leading to her arrest. According to the FBI, Ignatova was last known to be in Athens. That was in 2017.

Ignatova recently counted among Europol’s most wanted as well, although she is no longer on that list.

Related: Is education the key to curbing the rise of scammy, high-APY projects?

Ignatova grew up in Germany and holds a Ph.D. in economics. In her heyday, the ethnic Bulgarian was known for her elegant attire and fancy parties. She attracted a crowd of over 3,000 to Wembley Arena in London to hear her speak in 2016, even though suspicions about her activities were already common knowledge by that time.

Since then, OneCoin has been the subject of a class-action suit, and her brother and associates have been brought to trial. The world has taken note of the drama inherent in the case. Kate Winslet is reportedly involved in a film based on the experiences of a OneCoin investor. Variety reports that a deal has been made on a three-part documentary about Ignatova as well.

CFTC brings $1.7B fraud case involving Bitcoin against South African national

“The defendants misappropriated, either directly or indirectly, all of the Bitcoin they accepted from the pool participants,” said the CFTC.

The United States Commodity Futures Trading Commission, or CFTC, has taken enforcement action against a South African national in what the regulatory body called its “largest fraudulent scheme involving Bitcoin.”

In a Thursday announcement, the CFTC said it had filed a civil enforcement action in federal court for fraud and registration violations against Cornelius Johannes Steynberg. The South African national allegedly created and operated a global foreign currency commodity pool totaling more than $1.7 billion, only allowing the participants to pay using Bitcoin (BTC).

The CFTC alleged that Steynberg used the South Africa-based firm Mirror Trading International Proprietary Limited to solicit BTC from the public using social media and various websites. From May 2018 to March 2021, the regulatory body claimed that he accepted at least 29,421 BTC — valued at more than $1.7 billion at the time, but roughly $564 million at the time of publication — including from individuals in the United States.

“The defendants misappropriated, either directly or indirectly, all of the Bitcoin they accepted from the pool participants,” said the CFTC. “The CFTC seeks full restitution to defrauded investors, disgorgement of ill-gotten gains, civil monetary penalties, permanent registration and trading bans, and a permanent injunction against future violations of the Commodity Exchange Act and CFTC Regulations.”

Related: The CFTC’s action against Gemini is bad news for Bitcoin ETFs

The case against Steynberg is the latest in a series of enforcement actions the CFTC has taken against individuals allegedly using cryptocurrencies for illicit purposes or digital asset firms for violations of the Commodity Exchange Act. In June, the CFTC filed a lawsuit against Gemini, claiming the crypto exchange made false or misleading statements to the regulatory body in 2017. A federal court also ordered the founders of crypto derivatives exchange BitMEX to pay $30 million in penalties as part of the conclusion of a suit filed by the CFTC in October 2020.

Information, AML/CFT steps are key to fighting international digital crime, DOJ report says

The Justice Department report, mandated by the president’s executive order on digital asset development, recommends more efforts along the lines already being pursued.

The United States Department of Justice (DOJ) released a report on international law enforcement related to digital assets on Tuesday. It is the first of the approximately one dozen reports mandated in President Joe Biden’s March 9 executive order “Ensuring Responsible Development of Digital Assets.”

The report, titled “How To Strengthen International Law Enforcement Cooperation For Detecting, Investigating, And Prosecuting Criminal Activity Related To Digital Assets,” was written with the collaboration of the Departments of State, Treasury and Homeland Security, as well as the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC).

Countries have varying degrees of capacity to deal with criminal activity due to the unique law enforcement challenges associated with the nature of digital asset transactions, such as their anonymity and ability to cross borders instantaneously, the report said. It listed money laundering, ransomware activities, cybercrime, fraud, theft, terrorist financing and sanctions evasion among the criminal activities in question.

Weak Anti-Money Laundering (AML) and Combating the Financing of Terrorism (CFT) enforcement, limited legislative frameworks and lack of expertise in the face of an evolving threat landscape are also impediments to effective transnational crime-fighting efforts.

Information sharing is a key component in international enforcement efforts, but effective information sharing among U.S. agencies is needed for international efforts to succeed, the report noted, and a whole-of-government approach increases law enforcement effectiveness overall. The United States has entered into several agreements and organizations, such as the Financial Action Task Force (FATF) and the International Organization of Securities Commissions (IOSCO), to improve information sharing.

Related: Solving the ‘sunrise issue’ is the key to unlocking crypto mass adoption

The report’s recommendations are largely for more of the same cooperation and information sharing. It is particularly detailed in addressing the need for greater AML/CFT regulation. Criminal actors are able to take advantage of jurisdictional arbitrage, the report noted:

“Encourage partners to examine and weigh the reputational and national security risks and policy implications associated with allowing certain virtual assets businesses to operate within their borders.” 

Numerous U.S. agencies have international training and outreach efforts that contribute to international crime fighting.