Dark Web Crypto Mixer Founder Sentenced to Over 12 Years for Money Laundering
Read also: A suspect linked to a $235M WazirX crypto heist arrested, Snowflake hackers indicted in the US, and more.
Bitcoin Fog operator sentenced to 12 years in prison
Roman Sterlingov, the 36-year-old Russian-Swedish founder of Bitcoin Fog, the longest-running dark Web cryptocurrency “mixer” service, has been sentenced to 12 years and six months in prison for orchestrating one of the largest cryptocurrency money laundering schemes to date. Sterlingov was convicted in March 2024 following a month-long trial.
Bitcoin Fog, which operated from 2011 until Sterlingov’s arrest in 2021, was a service offering anonymity in cryptocurrency transactions. Using Bitcoin Fog, cybercriminals and Dark Web users were able to obscure the origins and destinations of funds. Over its decade-long operation, Bitcoin Fog processed more than 1.2 million bitcoin transactions, valued at approximately $400 million at the time of processing, according to court records.
Sterlingov faced numerous charges following his 2021 arrest and extradition to the United States, including conspiracy to commit money laundering, money laundering, operating an unlicensed money transmitting business, and engaging in unlicensed money transmission.
In addition to the prison sentence, Sterlingov has been ordered to forfeit nearly $396 million. Authorities also seized assets linked to Sterlingov, including $1.76 million in other monetary holdings and roughly 1,345 bitcoin (currently valued at over $112 million) held in Bitcoin Fog’s wallet.
US authorities indict hackers in major corporate breaches linked to AT&T, Snowflake, and other firms
US authorities have indicted two hackers, Alexander “Connor” Moucka and John Erin Binns, for their roles in extensive corporate breaches affecting major businesses, including AT&T, Snowflake, and other high-profile firms.
Moucka was arrested in Canada on October 30, while Binns was apprehended earlier this year in Turkey. The indictment links them to a breach of Snowflake’s data management platform, where they exploited vulnerabilities and used info-stealer malware to siphon data from several companies. AT&T, Santander Bank, Ticketmaster, and Advance Auto Parts were among the affected entities, with data theft ranging from call logs and Social Security numbers to sensitive banking information.
The indictment alleges that the two defendants were involved in extortion and data sales. They are accused of demanding ransoms from at least three victims, reportedly receiving 36 bitcoins (valued at $2.5 million) in total. Additionally, AT&T allegedly paid $370,000 for deletion of the stolen data. Beyond extortion, the hackers offered the stolen data on Dark Web marketplaces for further profit.
Moucka and Binns have been charged with conspiracy to defraud the US, unauthorized access under the Computer Fraud and Abuse Act, extortion, wire fraud, and aggravated identity theft. If convicted, the hackers face lengthy prison sentences.
South Korean police arrest 215 in a $232M crypto investment scam
South Korean law enforcement has apprehended 215 individuals in connection with a massive cryptocurrency investment scam estimated at 325.6 billion won ($232 million). Among those arrested are employees of a sham investment consulting firm and an influential YouTuber with 620,000 subscribers who allegedly ran the scheme.
The investigation revealed that between December 2021 and March 2023, more than 15,000 victims were deceived with promises of high returns from virtual asset investments, targeting primarily middle-aged and older people. Victims were urged to sell properties or take out loans to fund investments, enticed by the prospect of 20-fold returns.
The fraudulent scheme centered around 28 tokens, including six created by the group itself. Of those arrested, 12 remain in custody, including the alleged mastermind behind the scheme, who reportedly fled South Korea, traveling through Hong Kong and Singapore before reaching Australia.
In a separate anti-fraud operation, German and Cypriot authorities dismantled 13 fake investment platforms, arresting four suspects involved in a multi-million-euro fraud and money laundering scheme. Operating from a call center in Cyprus, the fraud targeted approximately 170 German investors, enticing them with fake online statistics showing false profits. The victims lost an estimated total of EUR 10 million, receiving no real returns on their investments.
Lifelock hacker gets 10 years in prison for breaching a medical clinic, extortion
Robert Purbeck, known online as “Lifelock,” was sentenced to 10 years in prison after a spree of data breaches and extortion attempts across the United States. Purbeck, 45, from Meridian, Idaho, hacked into the computer systems of various institutions, including a medical clinic and 17 additional victims nationwide, stealing the sensitive information of over 132,000 people.
As part of the scheme, Purbeck purchased access credentials on a Dark Web marketplace and used them to breach a medical clinic, stealing the sensitive personal data of more than 43,000 individuals, including names, birth dates, addresses, and Social Security numbers. In a separate instance, Purbeck accessed a police department server using stolen credentials he bought on the underground market. He then siphoned police reports and personal information related to over 14,000 individuals from the server.
He also attempted to extort an orthodontist, demanding a ransom in Bitcoin in exchange for stolen patient data, according to the authorities. To pressure the orthodontist, he threatened to publicly release patient records, including sensitive information about the victim's minor child.
The FBI executed a search warrant at Purbeck’s residence on August 21, 2019, seizing multiple devices containing data from his hacking operations. Purbeck pleaded guilty in March 2024. In addition to his prison term, he is required to pay over $1 million in restitution.
Indian police arrest a suspect linked to a $235M WazirX crypto heist
Delhi Police have apprehended SK Masud Alam, a resident of West Bengal, in connection with the massive $235 million cyber heist targeting the popular Indian cryptocurrency exchange WazirX.
The investigation revealed that Alam had set up a fake WazirX account and then sold it to another individual on the Telegram platform. This individual is believed to have utilized the acquired account to compromise WazirX's systems and pilfer digital assets.
The cyber-attack, which occurred in July, resulted in the theft of over $230 million in digital assets—nearly 45% of WazirX's holdings. The breach involved a multi-signature wallet. The investigation found no evidence of unauthorized access to WazirX's internal systems.
Alam was charged with multiple counts related to cyber fraud and unauthorized access, among other offenses.