US authorities have charged two Russian men with allegedly defrauding cryptocurrency exchanges and their customers out of at least $16.8 million.

The men – Danil “Cronuswar” Potekhin, 25, and 35-year-old Dmitrii Karasavidi, of Voronezh and Moscow respectively – are said to be responsible for a phishing campaign that targeted customers of cryptocurrency exchanges between July 2017 until at least October 2018.

Potekhin is accused of creating spoof websites that mimicked legitimate cryptocurrency exchange websites, but were really designed to steal the login credentials of victims.

Potekhin is said to have created and managed at least 13 fake domains posing as the Poloniex exchange. Similarly, sites were set up posing as the Binance and Gemini exchange platforms.

Hundreds of victims of the exchanges are alleged to have been tricked into entering their passwords on the bogus sites, allowing Potehkin to access their real cryptocurrency accounts.

According to the US Treasury, Potekhin and his accomplices then used a variety of different techniques to steal funds.

Exfiltration of the digital currency is alleged to have taken place through a variety of means, including:

  • Using exchange accounts created using fictitious or stolen identities
  • Circumventing exchanges’ internal controls
  • Converting funds into different types of virtual currency
  • Moving virtual currency through multiple intermediary addresses

But for me the most interesting scheme involved attempting to manipulate a cryptocurrency’s price to maximise its value.

According to the US authorities, Potehkin is accused of using the combined $5 million worth of cryptocurrency in victims’ accounts to purchase an inexpensive digital currency called GAS.

As a consequence, GAS’s price rose considerably – pumped up by the large investment from hacked accounts. With GAS’s price pumped up dramatically, the alleged hackers are said to have dumped their GAS holdings, converting them into other types of cryptocurrency and making a (Read more...)