Bitcoin Exchange Crackdown: Two Employees Plead Guilty

Coin.mx Laundered Ransomware Funds Connected to JPMorgan Chase Breach, Prosecutors Say

A Florida man is the latest to plead guilty to helping operate an unlicensed bitcoin exchange as part of a wide-ranging case that prosecutors say involves three men charged with running a massive pump-and-dump stock scheme that involved hacking into multiple financial institutions, including JPMorgan Chase.

Ricardo Hill, 38, appeared Jan. 17 in Manhattan court to plead guilty to seven charges, including bank fraud, wire fraud and conspiracy to operate an unlicensed money-transmitting business, Reuters reports.

The court date followed prosecutors writing to U.S. District Judge Alison J. Nathan on Jan. 13, saying that Hill wanted to appear in court "to enter a guilty plea pursuant to a plea agreement." He was accused of serving as a finance support manager and business development consultant for internet-based bitcoin exchange Coin.mx.

To date, nine individuals have been indicted as a result of related investigations.

Prosecutors say Coin.mx was owned by Israeli Gery Shalon, and they've accused him - together with Maryland-born Joshua Samuel Aaron - of commissioning online attacks against 12 U.S. financial institutions, including JPMorgan Chase, that resulted in personal information for more than 100 million people being compromised. According to a related indictment, a third man, Israeli Ziv Orenstein, allegedly opened bank and brokerage accounts using aliases and shell companies to help funnel stolen proceeds, in part, via overseas accounts (see Charges Announced in JPMorgan Chase Hack).

The three men allegedly engaged in misleading email campaigns, as well as a pump-and-dump stock scheme that earned them at least $2.8 million in profits, according to court filings.

All three men have pleaded not guilty.

Exchange Allegedly Used to Launder Bitcoins

Hill's Jan. 17 plea follows that of Anthony Murgio, 33, of Florida, who operated Coin.mx from 2013 to 2015 and pleaded guilty earlier this month to violating anti-money laundering regulations as well as conspiring to obstruct an examination of a federal credit union used by the exchange to convert cryptocurrency into cash.

In July 2015, the Manhattan U.S. Attorney's office had accused Murgio and Yuri Lebedev, both based in Florida, of operating Coin.mx as an unlicensed money-transmitting business. Prosecutors said Coin.mx was used to illegally move money out of the United States to overseas bank accounts, while the defendants disguised their activities via front companies named "Collectables Club" and "Currency Enthusiasts."

Prosecutors also accused the men of installing people on the board of directors of the Helping Other People Excel Federal Credit Union, aka Hope FCU, which Coin.mx allegedly used to process more than $10 million in bitcoin transactions without reporting them to authorities. Prosecutors said the bitcoin funds had included ransoms paid by ransomware victims (see Feds Add Ransomware to Pump/Dump Scheme Charges).

Authorities say that the related payment processing activities were discovered by the National Credit Union Administration, which forced the credit union to cease such processing, after which the suspects found overseas payment processing channels. Hope FCU closed in 2015 and entered liquidation.

Murgio Pleads Guilty

Facing those charges, Murgio pleaded guilty Jan. 9 in Manhattan federal court to running a bitcoin exchange that processed more than $10 million in bitcoin transactions without reporting them to authorities - in violation of federal anti-money laundering statutes - as well as conspiring to obstruct the NCUA's examination into links between Coin.mx and Hope FCU.

Murgio is due to be sentenced June 16 by Judge Nathan. He faces a maximum prison sentence of 40 years - 5 years each for running an unlicensed money transmitting business and conspiracy to obstruct the examination of a financial institution, as well as up to 30 years for conspiracy to commit bank fraud.

Beyond Hill, two of Murgio's other co-defendants, also Florida residents, pleaded guilty to related charges in October 2016 and await sentencing. Murgio's father, Michael J. Murgio, pleaded guilty to one count of conspiracy to obstruct an examination of a financial institution, and faces up to five years in prison. He's scheduled to be sentenced by Judge Nathan on Jan. 27. Meanwhile, Jose M. Freundt pleaded guilty to operating an unlicensed money transmitting business, wire fraud, conspiring to corruptly make payments to an officer of a financial institution - as well as paying $150,000 in illegal bribes - and faces up to 105 years in prison. He's scheduled to be sentenced by Judge Nathan on April 13.

Trials for two additional co-defendants - Lebedev, as well as Trevon Gross - are scheduled to begin Feb. 6.

Alleged Bank Hacking Connection

As noted, the Coin.mx and Hope FCU allegations are part of a much bigger case involving the alleged pump-and-dump stock scheme plus related hacks of U.S. banks.

Prosecutors in November 2015 indicted Shalon, Orenstein and Aaron on related charges. According to a related indictment, the men are accused of running an illegal pump-and-dump stock scheme that blasted out millions of spam emails per day to artificially "pump" up the price of penny stocks they owned before then "dumping" the stocks and making a profit. The scheme allegedly ran from 2012 to mid-2015 and earned the men at least $2.8 million. Financial services heavyweights, including JPMorgan Chase, Fidelity Investments and E*Trade Financial, were targeted, and more than 100 million individuals' personal information was compromised, according to court filings.

Shalon and Orenstein were both arrested by Israeli authorities in July 2015 and extradited to the United States in June 2016 (see Israel to Extradite Alleged Chase Hackers).

Aaron, who also uses the alias "Mike Shields," was arrested at JFK International Airport on Dec. 14, 2016, after voluntarily returning to the United States from Moscow to face related charges (see Third Alleged Hacker Arrested in Chase Breach).

Aaron and Shalon have been charged with computer hacking, with U.S. Attorney Preet Bharara accusing them of having run a "hacking as a business model" operation.

All three men face other charges - including securities fraud, wire fraud, market manipulation, identification document fraud, aggravated identity theft and money laundering - that collectively carry maximum prison sentences of more than 100 years.


About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.



