US charges two Russians for stealing $16.8m via cryptocurrency phishing sites

The two hackers stole from hundreds of users of cryptocurrency exchanges Poloniex, Binance, and Gemini.
Written by Catalin Cimpanu, Contributor

The US Department of Justice has filed charges today against two Russian nationals for orchestrating a multi-year phishing operation against the users of three cryptocurrency exchanges.

The two suspects stand accused of creating website clones for the Poloniex, Binance, and Gemini cryptocurrency exchanges, luring users to these fake sites, and collecting their account credentials. These phishing operations began around June 2017.

US officials said the Russian duo — made up of Danil Potekhin (aka cronuswar) and Dmitrii Karasavidi; residents of Voronezh and Moscow, respectively — used the stolen credentials to access victim accounts and steal their Bitcoin (BTC) and Ether (ETH) crypto-assets.

In total, US officials estimated the victims in the hundreds. Court documents cite 313 defrauded Poloniex users, 142 Binance victims, and 42 users at Gemini.

Losses were estimated at $16,876,000.

According to a superseding indictment unsealed today, Potekhin and Karasavidi transferred the stolen funds into intermediary accounts set up using fake identities at other cryptocurrency exchange portals, such as Poloniex, Binance, Gemini, and Bittrex.

In a press release today, the US Treasury Department said that despite efforts to launder stolen funds across different exchanges, accounts, and blockchains, some of the funds stolen by the two hackers have been traced and seized by the US Secret Service. Treasury officials have also imposed sanctions on the two suspects.

Suspects also engaged in crypto-market manipulation

But the DOJ said the two Russians weren't pleased with only stealing funds. The two also engaged in market manipulation using cheap altcoins (alternative cryptocurrency coins).

"The defendants first created a number of fictitious accounts on the same [exchange] platform and each account purchased an inexpensive digital currency known as GAS prior to the manipulation," DOJ official said, citing an incident that occurred between July 2017.

"Then, on October 29, 2017, the defendants took control of the three victim customer accounts and used the digital currency contained in those accounts, with a value of over $5 million at that time, to purchase GAS at the same time, which increased demand and price.

"The defendants and their co-conspirators then quickly converted the digital currency in their fictitious accounts from GAS to Bitcoin and other digital currencies, causing the value of GAS to plummet."

According to a recorded press release today, US Attorney for the Northern District of California David Anderson said the two Russians face up to 59 years in prison for their crimes.

The two remain at large.
