Cryptocurrency

Crypto influencer guilty of $110M scheme that shut down Mango Markets

A jury has unanimously convicted Avi Eisenberg in the US Department of Justice’s first case involving cryptocurrency open-market manipulation, the DOJ announced Thursday.

The jury found Eisenberg guilty of commodities fraud, commodities market manipulation, and wire fraud in connection with the manipulation on a decentralized cryptocurrency exchange called Mango Markets.

Eisenberg is scheduled to be sentenced on July 29 and is facing “a maximum penalty of 10 years in prison on the commodities fraud count and the commodities manipulation count, and a maximum penalty of 20 years in prison on the wire fraud count,” the DOJ said.

On the Mango Markets exchange, Eisenberg was “engaged in a scheme to fraudulently obtain approximately $110 million worth of cryptocurrency from Mango Markets and its customers by artificially manipulating the price of certain perpetual futures contracts,” the DOJ said. The scheme impacted both investors trading and the exchange itself, which had to suspend operations after Eisenberg’s attack made the exchange insolvent.

Nicole M. Argentieri, the principal deputy assistant attorney general who heads the DOJ’s criminal division, said that Eisenberg’s manipulative trading scheme “puts our financial markets and investors at risk.”

“This prosecution—the first involving the manipulation of cryptocurrency through open-market trades—demonstrates the Criminal Division’s commitment to protecting US financial markets and holding wrongdoers accountable, no matter what mechanism they use to commit manipulation and fraud,” Argentieri said.

Mango Labs has similarly sued Eisenberg over the price manipulation scheme, but that lawsuit was stayed until the DOJ’s case was resolved. Mango Labs is expecting a status update today from the US government and is hoping to proceed with its lawsuit.

Ars could not immediately reach Mango Labs for comment.

Eisenberg’s lawyer, Brian Klein, provided the same statement to Ars, confirming that Eisenberg’s legal team is “obviously disappointed” but “will keep fighting for our client.”

How the Mango Markets scheme worked

Mango Labs has accused Eisenberg of being a “notorious cryptocurrency market manipulator,” noting in its complaint that he has a “history of attacking multiple cryptocurrency platforms and manipulating cryptocurrency markets.” That history includes allegedly embezzling $14 million in 2021 while Eisenberg was working as a developer for another decentralized marketplace called Fortress, Mango Labs’ complaint said.

Eisenberg’s attack on Mango Markets was intended to grab tens of millions more than the alleged Fortress attack. When Eisenberg was first charged, the DOJ explained how his Mango Markets price manipulation scheme worked.

On Mango Markets, investors can “purchase and borrow cryptocurrencies and cryptocurrency-related financial products,” including buying and selling “perpetual futures contracts.”

“When an investor buys or sells a perpetual for a particular cryptocurrency, the investor is not buying or selling that cryptocurrency but is, instead, buying or selling exposure to future movements in the value of that cryptocurrency relative to another cryptocurrency,” the DOJ explained.


Billions of public Discord messages may be sold through a scraping service

Discord chat-scraping service —

Cross-server tracking suggests a new understanding of “public” chat servers.

It’s easy to get the impression that Discord chat messages are ephemeral, especially across different public servers, where lines fly upward at a near-unreadable pace. But someone claims to be catching and compiling that data and is offering packages that can track more than 600 million users across more than 14,000 servers.

Joseph Cox at 404 Media confirmed that Spy Pet, a service that sells access to a database of purportedly 3 billion Discord messages, offers data “credits” to customers who pay in bitcoin, ethereum, or other cryptocurrency. Searching individual users will reveal the servers that Spy Pet can track them across, a raw and exportable table of their messages, and connected accounts, such as GitHub. Ominously, Spy Pet lists more than 86,000 other servers in which it has “no bots,” but “we know it exists.”

  • An example of Spy Pet’s service from its website. Shown are a user’s nicknames, connected accounts, banner image, server memberships, and messages across those servers tracked by Spy Pet. (Image: Spy Pet)

  • Statistics on servers, users, and messages purportedly logged by Spy Pet. (Image: Spy Pet)

  • An example image of the publicly available data gathered by Spy Pet, in this example for a public server for the game Deep Rock Galactic: Survivor. (Image: Spy Pet)

As Cox notes, Discord doesn’t make messages inside server channels, like blog posts or unlocked social media feeds, easy to publicly access and search. But many Discord users may not expect their messages, server memberships, bans, or other data to be grabbed by a bot, compiled, and sold to anybody wishing to pin them all on a particular user. 404 Media confirmed the service’s function with multiple user examples. Private messages are not mentioned by Spy Pet and are presumably still secure.

Spy Pet openly asks those training AI models, or “federal agents looking for a new source of intel,” to contact them for deals. As noted by 404 Media and confirmed by Ars, clicking on the “Request Removal” link plays a clip of J. Jonah Jameson from Spider-Man (the Tobey Maguire/Sam Raimi version) laughing at the idea of advance payment before an abrupt “You’re serious?” Users of Spy Pet, however, are assured of “secure and confidential” searches, with random usernames.

This author found nearly every public Discord he had ever dropped into for research or reporting in Spy Pet’s server list. Those who haven’t paid for message access can only see fairly benign public-facing elements, like stickers, emojis, and charted member totals over time. But as an indication of the reach of Spy Pet’s scraping, it’s an effective warning, or enticement, depending on your goals.

Ars has reached out to Spy Pet for comment and will update this post if we receive a response. A Discord spokesperson told Ars that the company is investigating whether Spy Pet violated its terms of service and community guidelines. It will take “appropriate steps to enforce our policies,” the company said, and could not provide further comment.


Google sues two crypto app makers over allegedly vast “pig butchering” scheme

Foul Play —

Crypto and other investment app scams promoted on YouTube targeted 100K users.

Google has sued two app developers based in China over an alleged scheme targeting 100,000 users globally over four years with at least 87 fraudulent cryptocurrency and other investor apps distributed through the Play Store.

The tech giant alleged that scammers lured victims with “promises of high returns” from “seemingly legitimate” apps offering investment opportunities in cryptocurrencies and other products. Commonly known as “pig-butchering schemes,” these scams displayed fake returns on investments, but when users went to withdraw the funds, they discovered they could not.

In some cases, Google alleged, developers would “double down on the scheme by requesting various fees and other payments from victims that were supposedly necessary for the victims to recover their principal investments and purported gains.”

Google accused the app developers—Yunfeng Sun (also known as “Alphonse Sun”) and Hongnam Cheung (also known as “Zhang Hongnim” and “Stanford Fischer”)—of conspiring to commit “hundreds of acts of wire fraud” to further “an unlawful pattern of racketeering activity” that siphoned up to $75,000 from each user successfully scammed.

Google was able to piece together the elaborate alleged scheme because the developers used a wide array of Google products and services to target victims, Google said, including Google Play, Voice, Workspace, and YouTube, breaching each one’s terms of service. Perhaps most notably, the Google Play Store’s developer program policies “forbid developers to upload to Google Play ‘apps that expose users to deceptive or harmful financial products and services,’ including harmful products and services ‘related to the management or investment of money and cryptocurrencies.'”

In addition to harming Google consumers, Google claimed that each product and service’s reputation would continue to be harmed unless the US district court in New York ordered a permanent injunction stopping developers from using any Google products or services.

“By using Google Play to conduct their fraud scheme,” scammers “have threatened the integrity of Google Play and the user experience,” Google alleged. “By using other Google products to support their scheme,” the scammers “also threaten the safety and integrity of those other products, including YouTube, Workspace, and Google Voice.”

Google’s lawsuit is the company’s most recent attempt to block fraudsters from targeting Google products by suing individuals directly, Bloomberg noted. Last year, Google sued five people accused of distributing a fake Bard AI chatbot that instead downloaded malware to Google users’ devices, Bloomberg reported.

How did the alleged Google Play scams work?

Google said that the accused developers “varied their approach from app to app” when allegedly trying to scam users out of thousands of dollars but primarily relied on three methods to lure victims.

The first method relied on sending text messages using Google Voice—such as “I am Sophia, do you remember me?” or “I miss you all the time, how are your parents Mike?”—“to convince the targeted victims that they were sent to the wrong number.” From there, the scammers would apparently establish “friendships” or “romantic relationships” with victims before moving the conversation to apps like WhatsApp, where they would “offer to guide the victim through the investment process, often reassuring the victim of any doubts they had about the apps.” These supposed friends, Google claimed, would “then disappear once the victim tried to withdraw funds.”

Another strategy allegedly employed by scammers relied on videos posted to platforms like YouTube, where fake investment opportunities would be promoted, promising “rates of return” as high as “two percent daily.”

The third tactic, Google said, pushed bogus affiliate marketing campaigns, promising users commissions for “signing up additional users.” These apps, Google claimed, were advertised on social media as “a guaranteed and easy way to earn money.”

Once a victim was drawn into using one of the fraudulent apps, “user interfaces sought to convince victims that they were maintaining balances on the app and that they were earning ‘returns’ on their investments,” Google said.

Occasionally, users would be allowed to withdraw small amounts, convincing them that it was safe to invest more money, but “later attempts to withdraw purported returns simply did not work.” And sometimes the scammers would “bilk” victims out of “even more money,” Google said, by requesting additional funds be submitted to make a withdrawal.

“Some demands” for additional funds, Google found, asked for anywhere “from 10 to 30 percent to cover purported commissions and/or taxes.” Victims, of course, “still did not receive their withdrawal requests even after these additional fees were paid,” Google said.

Which apps were removed from the Play Store?

Google tried to remove apps as soon as they were discovered to be fraudulent, but Google claimed that scammers concocted new aliases and infrastructure to “obfuscate their connection to suspended fraudulent apps.” Because scammers relied on so many different Google services, Google was able to connect the scheme to the accused developers through various business records.

Fraudulent apps named in the complaint include fake cryptocurrency exchanges called TionRT and SkypeWallet. To make the exchanges appear legitimate, scammers put out press releases on newswire services and created YouTube videos likely relying on actors to portray company leadership.

In one YouTube video promoting SkypeWallet, the supposed co-founder of Skype Coin uses the name “Romser Bennett,” which is the same name used for the supposed founder of another fraudulent app called OTCAI2.0, Google said. In each video, a completely different presumed hired actor plays the part of “Romser Bennett.” In other videos, Google found the exact same actor plays an engineer named “Rodriguez” for one app and a technical leader named “William Bryant” for another app.

Another fraudulent app that was flagged by Google was called the Starlight app. Promoted on TikTok and Instagram, Google said, that app promised “that users could earn commissions by simply watching videos.”

The Starlight app was downloaded approximately 23,000 times and seemingly primarily targeted users in Ghana, allegedly scamming at least 6,000 Ghanaian users out of initial investment capital that they were told was required before they could start earning money on the app.

Across all 87 fraudulent apps that Google has removed, Google estimated that approximately 100,000 users were victimized, including approximately 8,700 in the United States.

Currently, Google is not aware of any live apps in the Play Store connected to the alleged scheme, the complaint said, but scammers intent on furthering the scheme “will continue to harm Google and Google Play users” without a permanent injunction, Google warned.


SBF repeatedly lied to get out of “supervillain” prison term, FTX CEO alleges

SBF’s effective altruism “was a lie” —

FTX CEO: “The harm was vast. The remorse is nonexistent.”

FTX founder Sam Bankman-Fried (R) departs Manhattan Federal Court after an arraignment hearing on March 30, 2023, in New York City.

The CEO of FTX Trading, John Ray, sent a letter to Judge Lewis Kaplan Wednesday to correct what he called “callously” and “demonstrably false” claims that disgraced FTX founder Sam Bankman-Fried made in hopes of receiving a lighter sentence for crimes including defrauding FTX customers.

In a sentencing memo, Bankman-Fried asked the court to drastically slash his prison sentence from what he considered a “grotesque” 110-year maximum to five to six years. Prosecutors have suggested the sentence should be between 40 and 50 years, but Bankman-Fried claimed such a sentence painted him as a “depraved supervillain,” Bloomberg reported.

The lightest sentence was appropriate, Bankman-Fried claimed, because the “most reasonable estimate of loss” and “harm” to customers, lenders, and investors is “zero.”

According to Ray, “Bankman-Fried continues to live a life of delusion.” While Ray’s team continues to work to recover lost funds, which have been estimated at around $10 billion, the total amount of stakeholder claims filed is $23.6 quintillion.

“One quintillion is one billion billions,” Ray told Kaplan. “It is the number 1 followed by 18 zeros. The task of addressing filed claims and reducing them to their proper and ‘allowed’ amount is monumental. Mr. Bankman-Fried assumes this is a breeze. He is wrong, very wrong.”

In one of the letter’s most heated moments, Ray explained why Bankman-Fried is also wrong to claim that FTX is “solvent and safe”:

Vast sums of money were stolen by Mr. Bankman-Fried, and he was rightly convicted by a jury of his peers. That things that he stole, things he converted into other things, whether they were investments in Bahamas real estate, cryptocurrencies or speculative ventures, were successfully recovered through the enormous efforts of a dedicated group of professionals (a group unfairly maligned by Mr. Bankman-Fried and his supporters) does not mean that things were not stolen. What it means is that we got some of them back. And there are plenty of things we did not get back, like the bribes to Chinese officials or the hundreds of millions of dollars he spent to buy access to or time with celebrities or politicians or investments for which he grossly overpaid having done zero diligence. The harm was vast. The remorse is nonexistent.

Ray appears to be frustrated that Bankman-Fried chose to blame his team currently leading FTX and managing bankruptcy claims, as well as lawyers—labeling them as “enemies”—to dodge responsibility for FTX crimes.

Those crimes include: wire fraud on customers of FTX, conspiracy to commit wire fraud on customers of FTX, wire fraud on lenders to Alameda Research, conspiracy to commit wire fraud on lenders to Alameda Research, conspiracy to commit securities fraud on investors in FTX, conspiracy to commit commodities fraud on customers of FTX in connection with purchases and sales of cryptocurrency and swaps, and conspiracy to commit money laundering.

“Bankman-Fried was willing to consider any narrative, including wildly conflicting narratives, that could potentially save him from this day of reckoning,” Ray told Kaplan.

Conflicting narratives Bankman-Fried considered were either focusing “exclusively on the fact” that he “could give value back to customers,” and “the Chapter 11 team is destroying it” or “go strong with the message” that “I’m really glad the Chapter 11 team has stepped in, they’re great, and even better I have funding that can help make customers more whole while the Chapter 11 team does what is needed to clean things up.”

Instead of being “enemies” stopping FTX customers from clawing back all the funds stolen, Ray told Kaplan that his team “worked tirelessly in the months following the collapse to institute governance, controls, and to preserve and protect assets.”

“The value we hope to return to creditors would not exist without the tens of thousands of hours that dedicated professionals have spent digging through the rubble of Mr. Bankman-Fried’s sprawling criminal enterprise to unearth every possible dollar, token, or other asset that was spent on luxury homes, private jets, overpriced speculative ventures, and otherwise lost to the four winds,” Ray told Kaplan, adding that “achieving anticipated recovery levels” that Bankman-Fried suggested all FTX victims are expecting is actually “by no means assured.”

“I am quite confident that but for the work of a very large team of dedicated individuals, billions of dollars would have been lost or stolen and the recoveries to customers would be a fraction of their expected recovery,” Ray told Kaplan. “I make this statement not to curry sympathy or thanks, but to accurately report on the reasons why the FTX debtors may soon be in a position to compensate victims for some of the losses caused by Mr. Bankman-Fried.”


“Overwhelming evidence” shows Craig Wright did not create bitcoin, judge says

Debate closed —

Jack Dorsey posted a “W,” as judge halts Wright’s suits against developers.

Dr. Craig Wright arrives at the Rolls Building, part of the Royal Courts of Justice, on February 06, 2024, in London, England.

“Overwhelming evidence” shows that Australian computer scientist Craig Wright is not bitcoin creator Satoshi Nakamoto, a UK judge declared Thursday.

In what Wired described as a “surprise ruling” at the closing of Wright’s six-week trial, Justice James Mellor abruptly ended years of speculation by saying:

“Dr. Wright is not the author of the Bitcoin white paper. Dr. Wright is not the person that operated under the pseudonym Satoshi Nakamoto. Dr. Wright is not the person that created the Bitcoin system. Nor is Dr. Wright the author of the Bitcoin software.”

Wright was not in the courtroom for this explosive moment, Wired reported.

In 2016, Wright had claimed that he did not have the “courage” to prove that he was the creator of bitcoin, shortly after claiming that he had “extraordinary proof.” As debate swirled around his claims, Wright began filing lawsuits, alleging that many had violated his intellectual property rights.

A nonprofit called the Crypto Open Patent Alliance (COPA) sued to stop Wright from filing any more lawsuits that it alleged were based on fabricated evidence, Wired reported. They submitted hundreds of alleged instances of forgery or tampering, Wired reported, asking the UK High Court for a permanent injunction to block Wright from ever making the claim again.

As a result of Mellor’s ruling, CoinDesk reported that Wright’s lawsuits against Coinbase and Twitter founder Jack Dorsey’s Block would be halted. COPA’s lawyer, Jonathan Hough, told CoinDesk that Wright’s conduct should be considered “deadly serious.”

“On the basis of his dishonest claim to be Satoshi, he has pursued claims he puts at hundreds of billions of dollars, including against numerous private individuals,” Hough said.

On Thursday, Dorsey posted a “W” on X (formerly Twitter), marking the win and quoting Mellor’s statements clearly rejecting Wright’s claims as false. COPA similarly celebrated the victory.

“This decision is a win for developers, for the entire open source community, and for the truth,” a COPA spokesperson told CoinDesk. “For over eight years, Dr. Wright and his financial backers have lied about his identity as Satoshi Nakamoto and used that lie to bully and intimidate developers in the bitcoin community. That ends today with the court’s ruling that Craig Wright is not Satoshi Nakamoto.”

Wright’s counsel, Lord Anthony Grabiner, had argued that Mellor granting an injunction would infringe Wright’s freedom of speech. Grabiner noted that “such a prohibition is unprecedented in the UK and would prevent Wright from even casually going to the park and declaring he’s Satoshi without incurring fines or going to prison,” CoinDesk reported.

COPA thinks the injunction is necessary, though.

“We are seeking to enjoin Dr. Wright from ever claiming to be Satoshi Nakamoto again and in doing so avoid further litigation terror campaigns,” COPA’s spokesperson told Wired.

And that’s not all that COPA wants. COPA has also petitioned for Wright’s alleged forgeries—some of which Reuters reported were allegedly produced using ChatGPT—to be reviewed by UK criminal courts, where he could face fines and/or prison time. Hough alleged at trial that Wright “has committed fraud upon the court,” Wired reported, asking Britain’s Crown Prosecution Service to consider prosecuting Wright for “perjury and perverting the course of justice,” CoinDesk reported.

Wright’s counsel argued that COPA would need more evidence to back such a claim, CoinDesk reported.

Mellor won’t issue his final judgment for a month or more, Wired reported, so it’s not clear yet if Wright will be enjoined from claiming he is bitcoin’s creator. The judgment will “be ready when it’s ready and not before,” Mellor said.


Over 2 percent of the US’s electricity generation now goes to bitcoin

Mining stakes —

US government tracking the energy implications of booming bitcoin mining in US.

It takes a lot of energy to keep pumping out more bitcoins.

What exactly is bitcoin mining doing to the electric grid? In the last few years, the US has seen a boom in cryptocurrency mining, and the government is now trying to track exactly what that means for the consumption of electricity. While its analysis is preliminary, the Energy Information Agency (EIA) estimates that large-scale cryptocurrency operations are now consuming over 2 percent of the US’s electricity. That’s roughly the equivalent of having added an additional state to the grid over just the last three years.

Follow the megawatts

While there is some small-scale mining that goes on with personal computers and small rigs, most cryptocurrency mining has moved to large collections of specialized hardware. While this hardware can be pricy compared to personal computers, the main cost for these operations is electricity use, so the miners will tend to move to places with low electricity rates. The EIA report notes that, in the wake of a crackdown on cryptocurrency in China, a lot of that movement has involved relocation to the US, where keeping electricity prices low has generally been a policy priority.

One independent estimate made by the Cambridge Centre for Alternative Finance had the US as the home of just over 3 percent of the global bitcoin mining at the start of 2020. By the start of 2022, that figure was nearly 38 percent.

The Cambridge Centre also estimates the global electricity use of all bitcoin mining, so it’s possible to multiply that by the US’s percentage and come up with an estimate for the amount of electricity that boom has consumed. Because of the uncertainties in these estimates, the number could be anywhere from 25 to 91 terawatt-hours. Even the low end of that range would mean bitcoin mining is now using the equivalent of Utah’s electricity consumption (the high end is roughly Washington’s), which has significant implications for the electric grid as a whole.

So, the EIA decided it needed a better grip on what was going on. To get that, it went through trade publications, financial reports, news articles, and congressional investigation reports to identify as many bitcoin mining operations as it could. With 137 facilities identified, it then inquired about the power supply needed to operate them at full capacity, receiving answers for 101 of those facilities.

If running all-out, those 101 facilities would consume 2.3 percent of the US’s average power demand. That places them on the high side of the Cambridge Centre estimates.

Finding power-ups

The mining operations fall in two major clusters: one in Texas, and one extending from western New York down the Appalachians to southern Georgia. While there are additional ones scattered throughout the US, these are the major sites.

The EIA has also found some instances where the operations moved in near underutilized power plants and sent generation soaring again. Tracking the history of five of these plants showed that generation had fallen steadily from 2015 to 2020, reaching a low where they collectively produced just half a terawatt-hour. Miners moving in nearby tripled production in just a year and have seen it rise to over 2 terawatt-hours in 2022.

Power plants near bitcoin mining operations have seen generation surge over the last two years.

These are almost certainly fossil fuel plants that might be reasonable candidates for retirement if it weren’t for their use to supply bitcoin miners. So, these miners are contributing to all of the health and climate problems associated with the continued use of fossil fuels.

The EIA also found a number of strategies that miners used to keep their power costs low. In one case, they moved into a former aluminum smelting facility in Texas to take advantage of its capacious connections to the grid. In another, they put a facility next to a nuclear plant in Pennsylvania and set up a direct connection to the plant. The EIA also found cases where miners moved near natural gas fields that produced waste methane that would otherwise have been burned off.

Since bitcoin mining is the antithesis of an essential activity, several mining operations have signed up for demand-response programs, where they agree to take their operations offline if electricity demand is likely to exceed generating capacity in return for compensation by the grid operator. It has been widely reported that one facility in Texas—the one at the former aluminum smelter site—earned over $30 million by shutting down during a heat wave in 2023.

To better understand the implications of this major new drain on the US electric grid, the EIA will be performing monthly analyses of bitcoin operations during the first half of 2024. But based on these initial numbers, it’s clear that the relocation of so many mining operations to the US will significantly hinder efforts to bring the US’s electric grid to carbon neutrality.


SIM-swapping ring stole $400M in crypto from a US company, officials allege

Undetected for years —

Scheme allegedly targeted Apple, AT&T, Verizon, and T-Mobile stores in 13 states.

The US may have uncovered the nation’s largest “SIM swap” scheme yet, charging a Chicago man and co-conspirators with allegedly stealing $400 million in cryptocurrency by targeting over 50 victims in more than a dozen states, including one company.

A recent indictment alleged that Robert Powell—using online monikers “R,” “R$,” and “ElSwapo1”—was the “head of a SIM swapping group” called the “Powell SIM Swapping Crew.” He allegedly conspired with Indiana man Carter Rohn (aka “Carti” and “Punslayer”) and Colorado woman Emily Hernandez (allegedly aka “Em”) to gain access to victims’ devices and “carry out fraudulent SIM swap attacks” between March 2021 and April 2023.

SIM-swap attacks occur when someone fraudulently induces a wireless carrier to “reassign a cell phone number from the legitimate subscriber or user’s SIM card to a SIM card controlled by a criminal actor,” the indictment said. Once the swap occurs, the bad actor can defeat multi-factor authentication protections and access online accounts to steal data or money.

Powell’s accused crew allegedly used identification card printers to forge documents, then posed as victims visiting Apple, AT&T, Verizon, and T-Mobile retail stores in Minnesota, Illinois, Indiana, Utah, Nebraska, Colorado, Florida, Maryland, Massachusetts, Texas, New Mexico, Tennessee, Virginia, and the District of Columbia.

According to the indictment, many of the alleged victims did not suffer financial losses, but those that did were allegedly hit hard. The hardest hit appears to be an employee of a company whose AT&T device was allegedly commandeered at a Texas retail store, resulting in over $400 million being allegedly transferred from the employee’s company to co-conspirators’ financial accounts. Other individual victims allegedly lost cryptocurrency valued between $15,000 and more than $1 million.

Co-conspirators are accused of masking stolen funds, sometimes by allegedly hiding transfers in unhosted or self-hosted virtual currency wallets. If convicted, all stolen funds must be forfeited, the indictment said.

Powell has been charged with conspiracy to commit wire fraud and conspiracy to commit aggravated identity theft and access device fraud, Special Agent Brent Bledsoe said in the indictment. This Friday, Powell faces a detention hearing, where he has been ordered by the US Marshals Service to appear in person.

Powell’s attorney, Gal Pissetzky, told Ars that Powell has no comment on the indictment at this time.

SIM swaps escalating in US?

When Powell’s alleged scheme began in 2021, the FBI issued a warning, noting that criminals were increasingly using SIM-swap attacks, fueling total losses that year of $68 million.

Since then, US law enforcement has made several arrests, but none of the uncovered schemes come close to the alleged losses from the thefts Powell’s crew are being accused of.

In 2022, a Florida man, Nicholas Truglia, was sentenced to 18 months for stealing more than $20 million from a single victim. On top of forfeiting the stolen funds, Truglia was also ordered to forfeit more than $900,000 as a criminal penalty. According to security blogger Brian Krebs, Truglia was connected to a group that allegedly stole $100 million using SIM-swap attacks.

Last year, there were a few notable arrests. In October, the Department of Justice sentenced a hacker, Jordan Dave Persad, to 30 months for stealing nearly $1 million from “dozens of victims.” And in December, four Florida men received sentences between eight and 27 months for stealing more than $509,475 in SIM-swap attacks.

Ars could not find any FBI warnings since 2021 raising awareness that losses from SIM-swap attacks may be further increasing to amounts as eye-popping as the alleged losses in Powell’s case.

A DOJ official was unable to confirm if this is the biggest SIM-swapping scheme alleged in the US, directing Ars to another office. Ars will update this report with any new information the DOJ provides.

US officials seem aware that some bad actors attempting SIM-swap attacks appear to be getting bolder. Earlier this year, the Securities and Exchange Commission was targeted in an attack that commandeered the agency’s account on X, formerly known as Twitter. That attack led to a misleading X post falsely announcing the approval of bitcoin exchange-traded funds, causing a brief spike in bitcoin’s price.

To protect consumers from SIM-swap attacks, the Federal Communications Commission announced new rules last year to “require wireless providers to adopt secure methods of authenticating a customer before redirecting a customer’s phone number to a new device or provider. The new rules require wireless providers to immediately notify customers whenever a SIM change or port-out request is made on customers’ accounts and take additional steps to protect customers from SIM swap and port-out fraud.” But an Ars review found these new rules may be too vague to be effective.

In 2021, when European authorities busted a SIM-swapping ring allegedly targeting high-profile individuals worldwide, Europol advised consumers to avoid becoming targets. Tips included using multifactor authentication, resisting associating sensitive accounts with mobile phone numbers, keeping devices updated, avoiding replying to suspicious emails or callers requesting sensitive information, and limiting personal data shared online. Consumers can also request the highest security settings possible from mobile carriers and are encouraged to always use stronger, longer security PINs or passwords to protect devices.


Child abusers are covering their tracks with better use of crypto

For those who trade in child sexual exploitation images and videos in the darkest recesses of the Internet, cryptocurrency has been both a powerful tool and a treacherous one. Bitcoin, for instance, has allowed denizens of that criminal underground to buy and sell their wares with no involvement from a bank or payment processor that might reveal their activities to law enforcement. But the public and surprisingly traceable transactions recorded in Bitcoin’s blockchain have sometimes led financial investigators directly to pedophiles’ doorsteps.

Now, after years of evolution in that grim cat-and-mouse game, new evidence suggests that online vendors of what was once commonly called “child porn” are learning to use cryptocurrency with significantly more skill and stealth—and that it’s helping them survive longer in the Internet’s most abusive industry.

Today, as part of an annual crime report, cryptocurrency tracing firm Chainalysis revealed new research that analyzed blockchains to measure the changing scale and sophistication of the cryptocurrency-based sale of child sexual abuse materials, or CSAM, over the past four years. Total revenue from CSAM sold for cryptocurrency has actually gone down since 2021, Chainalysis found, along with the number of new CSAM sellers accepting crypto. But the sophistication of crypto-based CSAM sales has been increasing. More and more, Chainalysis discovered, sellers of CSAM are using privacy tools like “mixers” and “privacy coins” that obfuscate their money trails across blockchains.

Perhaps because of that increased savvy, the company found that CSAM vendors active in 2023 persisted online—and evaded law enforcement—for a longer time than in any previous year, and about 57 percent longer than even in 2022. “Growing sophistication makes identification harder. It makes tracing harder, it makes prosecution harder, and it makes rescuing victims harder,” says Eric Jardine, the researcher who led the Chainalysis study. “So that sophistication dimension is probably the worst one you could see increasing over time.”

Better stealth, longer criminal lifespans

Scouring blockchains, Chainalysis researchers analyzed around 400 cryptocurrency wallets of CSAM sellers and more than 10,000 buyers who sent funds to them over the past four years. Their most disturbing finding in that broad economic study was that crypto-based CSAM sellers seem to have a longer lifespan online than ever, suggesting a kind of relative impunity. On average, CSAM vendors who were active in 2023 remained online for 884 days, compared with 560 days for those active in 2022 and just 112 days in 2020.

To explain that new longevity for some of the most harmful actors on the Internet, Chainalysis points to how CSAM vendors are increasingly laundering their proceeds with cryptocurrency mixers—services that blend users’ funds to make tracing more difficult—such as ChipMixer and Sinbad. (US and German law enforcement shut down ChipMixer in March 2023, but Sinbad remains online despite facing US sanctions for money laundering.) In 2023, Chainalysis found that about 46 percent of CSAM vendors used mixers, up from around 22 percent in 2020.

Chainalysis also found that CSAM vendors are increasingly using “instant exchanger” services that often collect little or no identifying information on traders and allow them to swap bitcoin for cryptocurrencies like Monero and Zcash—“privacy coins” designed to obfuscate or encrypt their blockchains to make tracing their cash-outs of profits far more difficult. Chainalysis’ Jardine says that Monero in particular seems to be gaining popularity among CSAM purveyors. In the company’s investigations, Chainalysis has seen it used repeatedly by CSAM sellers laundering funds through instant exchangers, and in multiple cases it has also seen CSAM forums post Monero addresses to solicit donations. While the instant exchangers did offer other cryptocurrencies, including the privacy coin Zcash, Chainalysis’ report states that “we believe Monero to be the currency of choice for laundering via instant exchangers.”


Actor paid to pose as crypto CEO “deeply sorry” about $1.3 billion scam

A screenshot from Jack Gamble’s video outing Stephen Harrison as HyperVerse’s fake CEO, posted on Gamble’s “Nobody Special Finance” YouTube channel.

An actor who was hired to pretend to be the highly qualified CEO of a shady, collapsed cryptocurrency hedge fund called HyperVerse has apologized after a YouTuber unmasked his real identity last week.

An Englishman currently living in Thailand, Stephen Harrison confirmed to The Guardian that HyperVerse hired him to pose as CEO Steven Reece Lewis. Harrison told The Guardian that he was “deeply sorry” to HyperVerse investors—who lost a reported $1.3 billion after buying into a cryptocurrency-mining operation that promised “double or triple returns,” but did not exist, Court Watch reported.

Harrison claimed that he had “certainly not pocketed” any portion of those funds. Instead, he told The Guardian that he was paid about $7,500 over nine months. To play the part of CEO, he was also given a “wool and cashmere suit, two business shirts, two ties, and a pair of shoes,” The Guardian reported.

Harrison said that he had no part in HyperVerse’s alleged scheme to woo investors with false promises of high returns.

“I am sorry for these people,” Harrison said. “Because they believed some idea with me at the forefront and believed in what I said, and God knows what these people have lost. And I do feel bad about this.”

He also said that he was “shocked” to find out that HyperVerse had falsified his credentials, telling investors that Harrison was a fintech whiz—supposedly earning prestigious degrees before working at Goldman Sachs, then selling a web development company to Adobe before launching his own IT startup.

Harrison claimed that he only found out about this resume fraud when The Guardian investigated and found that nothing on his resume checked out.

“When I read that in the papers, I was like, blooming heck, they make me sound so highly educated,” Harrison told The Guardian.

He confirmed that he had received general certificates of secondary education but said that his expertise was “certainly not on that level” that HyperVerse claimed.

“They painted a good picture of me, but they never told me any of this,” Harrison told The Guardian.

Getting hired as fake CEO

According to The Guardian, Harrison was working as an unpaid freelance sports commentator when a “friend of a friend” told him about the HyperVerse gig.

The contract that Harrison signed was with an Indonesian-based talent agency called Mass Focus Ltd. It stated that he would be hired as “presenter talent,” The Guardian reported. However, The Guardian could find “no record of a company of this name on the Indonesian company register.”

Harrison’s agent allegedly told him that it was common for companies to hire corporate “presenters” to “represent the business” and reassured him that HyperVerse was “legitimate.”

Even after those assurances, Harrison said that he was still worried that HyperVerse might be a “scam,” researching the company online but ultimately deciding that “everything seemed OK.”

“So, I rolled with it,” Harrison told The Guardian.

Harrison said that promotional videos that he recorded as HyperVerse CEO were filmed in “makeshift studios” in Bangkok. He said that he was asked to start using the fake name Steven Reece Lewis while filming the second video. When he questioned why a fake name was necessary, HyperVerse allegedly told him that he was “acting the role.”

His agent allegedly told him that this was “perfectly normal” and after that, he “never went online and checked about Steven Reece Lewis,” he told The Guardian.

“I looked on YouTube occasionally, way back when they put the presentations up, but apart from that I was detached from this role,” Harrison said.

Over nine months, Harrison mostly worked one to two hours monthly, making videos posing as HyperVerse’s CEO.

There was also a Twitter account launched under the fake name Steven Reece Lewis. The Guardian noted that the date of Harrison’s final paycheck from HyperVerse “coincided with the last date the Twitter account was active,” but Harrison told The Guardian that he “had no oversight” of that account. When he was ending his stint as fake CEO, Harrison told The Guardian that he “requested that the Twitter account be shut down.”

Harrison also told The Guardian that he had “no contact at any point” with HyperVerse heads Sam Lee and Ryan Xu, exclusively dealing with a local contact in Thailand.


Elon Musk drops price of X gold checks amid rampant crypto scams

There’s currently a surge in cryptocurrency and phishing scams proliferating on X (formerly Twitter)—hiding under the guise of gold and gray checkmarks intended to mark “Verified Organizations,” reports have warned this week.

These scams seem to mostly commandeer dormant X accounts purchased online through dark web marketplaces, according to a whitepaper released by the digital threat monitoring platform CloudSEK. But the scams have also targeted high-profile X users who claim that they had enhanced security measures in place to protect against these hacks.

This suggests that X scammers are growing more sophisticated at a time when X has launched an effort to sell even more gold checks at lower prices through a basic tier announced this week.

Most recently, the cyber threat intelligence company Mandiant—which is a subsidiary of Google—confirmed its X account was hijacked despite enabling two-factor authentication. According to Bleeping Computer, the hackers used Mandiant’s account to “distribute a fake airdrop that emptied cryptocurrency wallets.”

A Google spokesperson declined to comment on how many users may have been scammed, but Mandiant is investigating and promised to share results when its probe concludes.

In September, a similar fate befell Ethereum co-founder Vitalik Buterin, who had his account hijacked by hackers. The bad actors posted a fake offer for free non-fungible tokens (NFTs) with a link to a fake website designed to empty cryptocurrency wallets. The post was only up for about 20 minutes but drained $691,000 in digital assets from Buterin’s unsuspecting followers, according to CloudSEK’s research.

Another group monitoring cryptocurrency and phishing scams linked to X accounts is MalwareHunterTeam (MHT), Bleeping Computer reported. This week, MHT has flagged additional scams targeting politicians’ accounts, including a Canadian senator, Amina Gerba, and a Brazilian politician, Ubiratan Sanderson.

On X, gold ticks are supposed to reassure users that an account can be trusted by designating that an account is affiliated with an official organization or company. Gray ticks signify an account is linked to government organizations. CloudSEK estimated that hijacked gold and gray checks could be sold online for between $1,200 and $2,000, depending on how old the account is or how many followers it has. Bad actors can also buy accounts affiliated with gold accounts for $500 each.

A CloudSEK spokesperson told Ars that its team is “in the process of reporting the matter” to X.

X did not immediately respond to Ars’ request to comment.

CloudSEK predicted that scams involving gold checks would continue to be a problem so long as selling gold and gray checks remains profitable.

“It is evident that threat actors would not budge from such profit-making businesses anytime soon,” CloudSEK’s whitepaper said.

For organizations seeking to avoid being targeted by hackers on X, CloudSEK recommends strengthening brand monitoring on the platform, enhancing security settings, and closing out any dormant accounts. It’s also wise for organizations to cease storing passwords in a browser, and instead use a password manager that’s less vulnerable to malware attacks, CloudSEK said. Organizations on X may also want to monitor activity on any apps that become connected to X, Bleeping Computer advised.


From CZ to SBF, 2023 was the year of the fallen crypto bro


Looking back, 2023 will likely be remembered as the year of the fallen crypto bro.

While celebrities like Kim Kardashian and Matt Damon last year faced public backlash after shilling for cryptocurrency, this year’s top headlines traced the downfalls of two of the most successful and influential crypto bros of all time: FTX co-founder Sam Bankman-Fried (often referred to as SBF) and Binance founder Changpeng Zhao (commonly known as CZ).

At 28 years old, Bankman-Fried made Forbes’ 30 Under 30 list in 2021, but within two short years, his recently updated Forbes profile notes that the man who was once “one of the richest people in crypto” in “a stunning fall from grace” now has a real-time net worth of $0.

In November, Bankman-Fried was convicted by a 12-member jury of defrauding FTX customers, after a monthlong trial where federal prosecutors accused him of building FTX into “a pyramid of deceit.” The trial followed months of wild headlines—comparing Bankman-Fried to a cartoon villain, accusing Bankman-Fried of stealing $2.2 billion from FTX customers to buy things like a $16.4 million house for his parents, and revealing that Bankman-Fried casually joked about losing track of $50 million.

Defending against his crimes at FTX, Bankman-Fried argued that “dishonesty and unfair dealing” aren’t fraud and even claimed that he couldn’t recall what he did at FTX, while FTX scrambled to recover $7.3 billion and put out the “dumpster fire.”

Ultimately, Bankman-Fried’s former FTX/Alameda Research partners, including his ex-girlfriend Caroline Ellison, testified against him. Ellison’s testimony led to even weirder revelations about SBF, like Bankman-Fried’s aspirations to become US president and his professed rejection of moral ideals like “don’t steal.” By the end of the trial, it seemed like very few felt any sympathy for the once-FTX kingpin.

Bankman-Fried now faces a maximum sentence of 110 years. His exact sentence is scheduled to be determined by a US district judge in March 2024, Reuters reported.

While FTX had been considered a giant force in the cryptocurrency world, Binance is still the world’s biggest cryptocurrency exchange—and considered more “systemically important” to crypto enthusiasts, Bloomberg reported. That’s why it was a huge deal when Binance was rocked by its own scandal in 2023 that ended in its founder and CEO, Zhao, admitting to money laundering and resigning.

Arguably Zhao’s fall from grace may have been more shocking to cryptocurrency fans than Bankman-Fried’s. Just one month prior to Zhao’s resignation, after FTX collapsed, The Economist had dubbed CZ as “crypto’s last man standing.”

Zhao launched Binance in 2017 and the next year was featured on the cover of Forbes’ first list of the wealthiest people in crypto. Peering out from under a hoodie, Zhao was considered by Forbes to be a “crypto overlord,” going from “zero to billionaire in six months,” where other crypto bros had only managed to become millionaires.

But 2023 put an abrupt end to Zhao’s reign at Binance. In March, the Commodity Futures Trading Commission (CFTC) sued Binance and Zhao over suspected money laundering and sanctions violations, triggering a Securities and Exchange Commission lawsuit in June and a Department of Justice (DOJ) probe. In the end, Binance owed billions in fines to the DOJ and the CFTC, which Secretary of the Treasury Janet Yellen called “historic penalties.” For personally directing Binance employees to skirt US regulatory compliance—and hide more than 100,000 suspicious transactions linked to terrorism, child sexual abuse materials, and ransomware attacks—Zhao now personally owes the CFTC $150 million.

On the social media platform X (formerly Twitter), Zhao wrote that after stepping down as Binance’s CEO, he will be taking a break and likely never helming a startup ever again.

“I am content being [a] one-shot (lucky) entrepreneur,” Zhao wrote.


Binance to pay $2.7 billion fine after hiding shady transactions from feds

Ill-gotten gains —

Binance’s former compliance-control officer must also pay a $1.5 million fine.

Founder and CEO of Binance Changpeng Zhao, commonly known as “CZ,” on May 10, 2022, in Rome, Italy.

Now that a federal court has approved a settlement with Binance, the world’s largest cryptocurrency exchange is hoping to move past a money-laundering scandal that forced its founder and CEO, Changpeng Zhao, to resign and overnight drained more than $1 billion in assets from its platform.

Under the settlement, Binance will “disgorge $1.35 billion of ill-gotten transaction fees and pay a $1.35 billion penalty” to the Commodity Futures Trading Commission (CFTC), the federal agency announced in a press release.

Additionally, Zhao will personally pay a $150 million civil monetary penalty. According to a plea agreement with the US Department of Justice—which ordered Binance to pay a “historic” penalty of $4.3 billion—Zhao’s previously ordered $50 million fine can be credited under certain terms against the amount that Zhao owes the CFTC.

The CFTC found that Zhao directed Binance to dodge US regulatory requirements and violate Binance’s own terms of use to hide unauthorized US trading on the exchange. Binance did this by soliciting US customers to trade on the platform without being subjected to Binance’s know-your-customer (KYC) procedures.

“Zhao and Binance were aware of US regulatory requirements, but chose to ignore them and knowingly concealed the presence of US customers on the platform,” the CFTC’s press release said. “The order also finds Zhao and other members of Binance’s senior management actively facilitated violations of US law, including instructing US customers to evade compliance controls.”

Among those “aiding and abetting Binance’s violations,” the CFTC said, was Binance’s former compliance-control officer, Samuel Lin. Under a separate order, Lin must pay a $1.5 million civil monetary penalty, the CFTC noted.

As part of the settlement, Binance will no longer allow customers to use sub-accounts to skirt KYC procedures and has agreed to remove all non-compliant accounts from the platform. Moving forward, Binance has agreed to “no longer allow existing sub-accounts, including those opened by prime brokers, to bypass the platform’s compliance controls,” the CFTC said.

Binance must also implement a new corporate governance structure, adding a board of directors with independent members and compliance and audit committees. This structure is intended to prevent Binance from approving suspicious transactions linked to terrorism, child sexual abuse, and ransomware attacks, as well as from violating anti-money laundering and sanctions laws.

In November, when Zhao resigned, Binance said that settling these lawsuits would help the crypto exchange “turn the page,” Reuters reported.

Zhao’s plea agreement prevents him from making any public statements contradicting his acceptance of responsibility for Binance’s schemes, and he has kept his word on that front. Shortly after resigning, Zhao wrote on the social media platform X (formerly Twitter) that he had made mistakes and must take responsibility “for our community, for Binance, and for myself.”

Within one day after Zhao resigned, though, some Binance users did not appear confident in the platform, withdrawing more than $1 billion from the exchange, CNBC reported. A market analyst told CNBC that Binance’s token suffered most from the CEO stepping down.

However, the majority of Binance’s assets—more than $65 billion—remained on the platform, CNBC reported, indicating that Binance is likely big enough to survive this year’s legal storms.

Zhao said he was “proud to point out” that the plea deals “do not allege that Binance misappropriated any user funds” or “that Binance engaged in any market manipulation.” Naming his successor as CEO—Binance’s former global head of regional markets, Richard Teng—Zhao expressed confidence that Teng would “ensure Binance delivers on our next phase of security, transparency, compliance, and growth.”
