The week in Crypto Fraud - April 22 2022 (#1)
This week in Crypto Fraud focuses on each week's developments in crypto asset crime, fraud and investigations. We can’t cover everything, so we include just the most interesting or noteworthy highlights, with some general reporting.
OFAC sanctions Bitriver
(US Treasury - https://home.treasury.gov/news/press-releases/jy0731)
The US Office of Foreign Assets Control (OFAC) has designated Bitriver, the Russian cryptocurrency mining company, and its subsidiaries.
This is the first time a crypto mining company has been sanctioned. The timing of these sanctions is interesting, as Bitriver is currently pre-selling its own crypto token (BTR), which was expected to be more widely traded on Friday. The token sale was to fund further development of mining farms in Siberia and targeted buyers globally, hoping to raise $35 million.
Crypto mining companies in Russia also rely on relatively high-tech imported equipment and fiat payments, which could make them vulnerable to sanctions. It is likely, though, that operations will continue, as much of the required equipment is likely imported from China.
This may be a turning point for the Russian government's attitude to crypto mining. Prior to the war in Ukraine, reports suggested that mining could face a ban or higher electricity tariffs, although this could change given the wider sanctions miners now face.
Notes for investigators
There is limited impact on cryptocurrency investigations; however, compliance assessments should consider whether transactions that can be linked to BitRiver may be sanctioned. There is the potential for further sanctions against Russian mining operations.
MetaMask Asks Apple Users to Disable iCloud Backup for Wallet After User Lost $650,000
(HackRead - https://www.hackread.com/metamask-warns-apple-users-disable-icloud-backup/ and Twitter (@MetaMask))
NFT collector Domenic Lacovone revealed on Twitter that he has been the victim of a scam. He received a call from a number which showed Apple Inc in the (spoofed) Caller ID. The caller convinced him to provide a security code to access his Apple Account and then accessed his MetaMask wallet, emptying it of over $650,000.
In the background, the scammer initiates a password reset for the Apple ID. They request the two-factor authentication code, pretending that it is needed to verify that the victim is the owner of the account.
MetaMask stores a copy of the wallet seed phrase in iCloud. MetaMask has warned Apple users to disable automatic iCloud backup of their wallet data. It is possible to disable MetaMask iCloud backups, which will prevent the attack, but this should be balanced against the need for a redundant copy of the wallet data.
Notes for investigators
Investigators using or advising on the security of MetaMask should consider disabling iCloud backups and should be aware of spoofed calls.
3 guilty in relation to unlawful Virtual Currency sales business
(US DOJ - https://www.justice.gov/usao-nh/pr/three-plead-guilty-wire-fraud-connection-unlawful-virtual-currency-sales-business)
Three individuals, Andrew Spinella, 36, of Derry, Renee Spinella, 24, of Derry, and Nobody, a/k/a Richard Paul, 53, of Keene, have pled guilty to wire fraud.
The three opened and operated accounts at financial institutions as personal accounts in their names or as business accounts in the names of churches in order to allow their co-defendant, Ian Freeman, to use them to sell virtual currency. This included the ‘Crypto Church of NH’, ‘Church of the Invisible Hand’ as well as accounts in their names.
Freeman and two further defendants will stand trial later in the year.
Notes for investigators
Investigators should treat named institutions such as churches being linked to cryptocurrency as a red flag, and should be aware of the use of personal accounts for money laundering.
SafeMoon embroiled in further scandal as promoter accused of $12 million fraud
(CryptoSlate - https://cryptoslate.com/safemoon-embroiled-in-further-scandal-as-promoter-accused-of-12-million-fraud/)
YouTuber Stephen Findeisen has made specific allegations of pump and dump activity in relation to the SafeMoon currency. This cycle of allegations and counter-complaints seems to be a pattern for both new currencies and internet ‘investigators’.
Ben Philips, a UK-based influencer, is alleged to have promoted the SafeMoon project whilst selling his fees, paid in $SAFE, via PancakeSwap, according to Findeisen. The expose video is available here.
Notes for investigators
When assessing a new or upcoming currency, the backgrounds and incentives of its promoters should be assessed, and their transaction history reviewed where possible to see if they are potentially exiting from a currency they are promoting.
New York Man Arrested for Alleged $1.8M Crypto Mining Scam
(Coindesk - https://www.coindesk.com/policy/2022/04/21/new-york-man-arrested-for-alleged-18m-crypto-mining-scam/ and US Justice Dept - https://www.justice.gov/usao-sdny/pr/man-charged-defrauding-customers-who-sought-buy-cryptocurrency-mining-computers-and)
Between March 2019 and September 2021, officials say Chester “Chet” Stojanovich posed as a dealer of crypto mining equipment, convincing his would-be customers to fork over large payments for mining machines and miner-hosting services, which Stojanovich promised to arrange at a facility in Goose Bay in Canada's Newfoundland and Labrador province.
Whilst on the surface this looks like a crypto fraud, it is essentially a more traditional scam, with Stojanovich allegedly failing to provide crypto mining services that had been invoiced and paid for, totalling over $1.66m.
Notes for investigators
We recommend investigators advise clients or stakeholders that due diligence is still required on transactions or investments involving cryptocurrencies or associated services. These are not new or complex scams.