A U.S. federal grand jury has indicted two Russian men in connection with an email scam that defrauded American cryptocurrency exchanges out of nearly $17 million.
The Department of Justice on Wednesday unsealed charges against the Russian nationals, Danil Potekhin and Dmitrii Karasavidi, accusing them of using a combination of phishing messages and spoofed websites to steal virtual currency from users at three cryptocurrency exchanges.
The fraud effort netted attackers $16.8 million from 2017 to 2018, according to the Justice Department. A grand jury returned the charges in February.
By directing victims to visit financial websites that seemed legitimate, the attackers duped traders into entering their usernames and passwords into sites under their control. After gathering the credentials from their malicious site, Potekhin and Karasavidi directed funds from those accounts into their own, prosecutors said.
The U.S. Treasury Department also announced Wednesday it has enacted sanctions against the two men, forbidding Americans from doing business with them.
The charges were made public amid a flurry of activity from the Justice Department’s cybercrime prosecutors. Earlier Wednesday, attorneys publicized charges against five Chinese nationals for alleged involvement in an international hacking campaign. The government also charged two alleged hackers accused of being involved in defacing American websites following the U.S. killing of Iranian general Qassem Soleimani.
The allure of cryptocurrency
While the latest indictment does not identify the victimized cryptocurrency exchanges, it charges that Potekhin operated 13 distinct fake domains to target more than 150 people. The pair also created multiple fake accounts on the real exchange, allowing them to move funds through the site.
The charges are the latest evidence that scammers are aiming to exploit cryptocurrency exchanges, often to take over accounts and steal money or to launder funds. The Treasury Department’s Financial Crimes Enforcement Network in 2019 issued an alert warning that thieves would “continue to exploit virtual currency to support illegal activity, money laundering, and other behavior[.]”
A March 2019 report from the United Nations, for instance, determined that hackers operating on behalf of the North Korean government stole $571 from various cryptocurrency exchanges. Malicious cyber activities, the report noted, “have become an important tool in the evasion of sanctions and have grown in sophistication and scale since 2016.”
The indictment is available in full below.