The Department of Justice (DoJ) charged two Russian nationals who are allegedly behind the hack of the Mt. Gox cryptocurrency exchange over a decade ago.
On Friday, the DoJ unsealed the indictment that charged the two, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, with gaining unauthorized access to the server for Tokyo-based Mt. Gox in 2011. Mt. Gox stored the cryptocurrency wallets of thousands of users globally, making it one of the largest exchanges for customers to use to trade cryptocurrency. However, due in part to this incident the cryptocurrency exchange faced insolvency and eventually shut down in 2014.
“Bilyuchenko, Verner, and their co-conspirators used their unauthorized access to Mt. Gox’s server to fraudulently cause bitcoins to be transferred from Mt. Gox’s wallets to bitcoin addresses controlled by Bilyuchenko, Verner, and their co-conspirators,” according to the indictment unsealed on Friday in the Southern District of New York. “From September 2011 through at least May 2014, Bilyuchenko, Verner, and their co-conspirators caused the theft of at least approximately 647,000 bitcoins from Mt. Gox, representing the vast majority of the bitcoins belonging to Mt. Gox’s customers.”
After the initial theft, the two allegedly laundered the bitcoins through various addresses that were associated with accounts that they controlled at two other unnamed bitcoin exchanges, as well as a user account on Mt. Gox itself. As part of this laundering activity, in April 2012 they allegedly entered into a fraudulent advertising service contract for an unnamed bitcoin brokerage service based in New York. Under the guise of this purported advertising service, the two made regular requests to the owner of the New York-based bitcoin broker for making large wire transfers to offshore bank accounts with the end goal of liquidating the bitcoin stolen from Mt. Gox.
“In accordance with these requests, between in or about March 2012 and in or about April 2013, the New York Bitcoin Broker transferred more than approximately $6.6 million to overseas bank accounts controlled by Bilyuchenko, Verner, and their co-conspirators,” according to the indictment press release. “In exchange for the wire transfers, the New York Bitcoin Broker received “credit” on Exchange-1, through which Bilyuchenko, Verner, and their co-conspirators laundered more than 300,000 of the bitcoins stolen from Mt. Gox.”
Mt. Gox was forced to shut down in 2014 after the hack was revealed, and last year, after several delays, announced that it will start to reimburse its former users “in due course.”
Bilyuchenko and Verner are charged with money laundering, and if convicted each defendant faces a maximum penalty of 20 years in prison. According to the DoJ, Bilyuchenko is separately charged, along with Alexander Vinnik, with conspiring to operate illicit cryptocurrency exchange BTC-e from 2011 until 2017 when it was shut down by law enforcement. With over one million users globally, BTC-e was one of the largest cryptocurrency exchanges during that time for cybercriminals to launder criminal proceeds from cyberattacks, like identity theft schemes and ransomware attacks. Vinnik was arrested in 2017 and extradicted to the U.S., where he was found guilty of money laundering and sentenced to five years in prison.
Kenneth Polite Jr., assistant attorney general, said on Friday the unsealed indictment “marks an important milestone” in these two cryptocurrency investigations.
“As alleged in the indictments, starting in 2011, Bilyuchenko and Verner stole a massive amount of cryptocurrency from Mt. Gox, contributing to the exchange’s ultimate insolvency,” he said. “Armed with the ill-gotten gains from Mt. Gox, Bilyuchenko allegedly went on to help set up the notorious BTC-e virtual currency exchange, which laundered funds for cyber criminals worldwide.”
The U.S. has continued to crack down on cybercriminals behind cryptocurrency hacks and illegal cryptocurrency exchanges. In January, for instance, the U.S. disrupted the operations of Bitzlato, a cryptocurrency exchange linked to the laundering of ransomware payments, and arrested the alleged Russian national operator of the marketplace.
