This Week in Crypto Fraud - 29 April 2022 (#2)
This week in Crypto Fraud focuses on each weeks developments in crypto asset crime, fraud and investigations.
This week we cover the Axie hack and funds linked to the Lazarus group, new OFAC sanctions of ETH addresses, fraud charges related to Bit Block Fund, Influencer scams and finally a guilty plea in the Crypto Capital case.
We can’t cover everything so just the most interesting or noteworthy highlights, with some general reporting.
Ronin/Axie hack funds linked to the DPRK Lazarus group frozen.
(US Treasury - https://home.treasury.gov/news/press-releases/jy0731)
There were widespread reports that the funds linked to the hack of cryptocurrency game Axie Infinity started to move on the 22 of April. Axie users lost $650 in an attack on Ronin, a Ethereum based private side-chain supporting the game.
Binance froze $5.8m across 86 accounts linked to the group. The transactions across the Ethereum network were obvious, with little attempt to launder the proceeds before they reached the Binance.
There are reports that $170m from the attack was moved to Tornado Cash, a smart contract based Mixer.
Notes for investigators
Transactions linked to the Axie hack are high risk, both in terms of potential recovery action by law enforcement and from a sanctions perspective given the links between the attack and DPRK associated Lazarus group. Investigators should review current deposits and transactions to links from the attack directly, as well as assessing large transfers linked to Tornado Cash.
Attacks like this are actually pretty obvious, with the funds being transferred to a single address before being passed on. Once an attack has been discovered investigators should review the onwards flow of funds to ascertain their own exposure or to look for opportunities for recovery.
Partners in Block Bits Fund charged with fraud.
(US DOJ - https://www.justice.gov/usao-ndca/pr/san-francisco-man-charged-alleged-cryptocurrency-investor-fraud-scheme)
Two partners in the San Francisco based Block Bits Fund have been charged with fraud. Japheth Dillman and David Mata are alleged to have misrepresented how the funds underlying technology would work, and how funds were being held.
The fund was allegedly developing an ‘autotrader’ that would complete cryptocurrency arbitrage trades on different exchanges, taking advantage of inter-exchange price differences. According to the complaint, Block Bits Fund was never able to develop a functioning autotrader.
Dillman allegedly misrepresented how investor funds were being placed in “cold storage” where they would return high rates of profit for investors.
Notes for investigators
When assessing investments into cryptocurrency-based fintech companies or funds it is key to conduct detailed due-diligence. Rigour should be applied to reviewing the underlying technology or investment proposition, as well as it’s state of implementation.
The storage of funds is a common issue with many frauds. Care should be taken to ensure that third-party storage agreements are reviewed and valid, along with confirmation of the flow of funds to and from suitable addresses. This is not fool proof, as addresses may be controlled by the same individual.
Lazarus group ETH addresses added to OFAC SDN list.
(US OFAC - https://home.treasury.gov/policy-issues/financial-sanctions/recent-actions/20220422)
Four new ETH addresses have been added to the OFAC SDN list as of the 22nd of April linked to the DPRK Lazarus group.
The addresses are:
0x098B716B8Aaf21512996dC57EB0615e2383E2f96
0xa0e1c89Ef1a489c9C7dE96311eD5Ce5D32c20E4B
0x3Cffd56B47B7b41c56258D9C7731ABaDc360E073
0x53b6936513e738f44FB50d2b9476730C0Ab3Bfc1
Address 0x98B7 received the main funds from the attack of ETH173,600.
Notes for investigators
These addresses should be part of sanctions checks for both inbound and outbound transactions.
Influencers Are Scamming Their Fans Through Crypto. Here’s How Their Tactics Have Evolved.
(Time - https://time.com/6171307/influencer-scams-crypto/)
Time magazine has produced a review of influencer related crypto scams, including CSGOLotto and Save the Kids. Whilst light on technical detail the reporting provides and indication of a influencer-based fraud typologies.
Notes for investigators
When reviewing investments of conducting due-diligence investigators should not take the involvement of ‘influencers’ or other high-profile figures on face value. There have been a range of examples of backers not being involved with a project and having their details added to websites, through to deliberate frauds and ‘pump and dump’ allegations.
Investigators should be aware of this typology of fraud more broadly, as it will continue to develop.
Reggie Fowler Pleads Guilty in Crypto Capital Case Tied to Bitfinex's Missing Millions
(Coindesk - https://www.coindesk.com/business/2022/04/25/reggie-fowler-pleads-guilty-in-crypto-capital-corp-case-tied-to-bitfinexs-missing-millions/ )
Reginald Fowler, the alleged operator of Crypto Capital Corp., the shadow bank that lost hundreds of millions of crypto exchange Bitfinex's money, pleaded guilty to charges on Monday.
Fowler was indicted in 2019, as the alleged operator of Panama-based Crypto Capital. He allegedly helped exchanges access banking services, when many mainstream institutions would not take them on as clients.
Crypto Capital worked by opening accounts for clients using the name of shell companies at major international banks. When a bank discovered that an account might actually be being used for a cryptocurrency business, Crypto Capital would move on to another bank.
Kraken, Binance, and other reputable firms used Crypto Capital however their biggest biggest customer was Bitfinex. This led to the 2018 temporarily pause on cash deposits at Bitfinex when they were unable to access their deposits of $850m held by Crypto Capital, because underlying accounts had been frozen by various authorities.
Notes for investigators
The cryptocurrency space is still like the wild west, even though since 2019 there have been great improvements. Investigators should flag risks of access to funds even when held by major exchanges, and when conducting due-diligence should review the fiat arrangements of businesses as well as their crypto-holdings.