Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Two Estonian citizens arrested in $575M cryptocurrency fraud scheme

Two Estonian citizens were arrested in Tallinn for allegedly running a $575 million cryptocurrency fraud scheme. Two Estonian nationals were arrested in Tallinn, Estonia, after being indicted in the US for running a fraudulent cryptocurrency Ponzi scheme that caused more than $575 million in losses. According to the indictment, Sergei Potapenko and Ivan Turõgin, both […]

Scattered Spider DOJ

Two Estonian citizens were arrested in Tallinn for allegedly running a $575 million cryptocurrency fraud scheme.

Two Estonian nationals were arrested in Tallinn, Estonia, after being indicted in the US for running a fraudulent cryptocurrency Ponzi scheme that caused more than $575 million in losses.

According to the indictment, Sergei Potapenko and Ivan Turõgin, both 37, allegedly defrauded hundreds of thousands of victims through a crypto Ponzi scheme. The duo used shell companies to launder the cash from the fraudulent activity and to buy real estate and luxury cars.

“They induced victims to enter into fraudulent equipment rental contracts with the defendants’ cryptocurrency mining service called HashFlare. They also caused victims to invest in a virtual currency bank called Polybius Bank.” reads the press release published by DoJ. “In reality, Polybius was never actually a bank, and never paid out the promised dividends. Victims paid more than $575 million to Potapenko and Turõgin’s companies.”

The defendants are accused to have defrauded the victims between December 2013 and August 2019, they operated with other co-conspirators residing in Estonia, Belarus, and Switzerland.

Potapenko and Turõgin tricked the investors into believing that HashFlare was a massive cryptocurrency mining operation, the victims were requested to pay for rent computing power and receive a proportional part of the cryptocurrencies mined. The bad news for the investors is that HashFlare did not have the virtual currency mining equipment it claimed to have.

According to the indictment, HashFlare’s equipment performed Bitcoin mining at a rate of less than one percent of the computing power it claimed to have.

When investors asked to withdraw their mining proceeds, the defendants either resisted making the payments or in some cases, they paid off the investors using virtual currency that were purchased on the open market.

HashFlare shut down its operations in 2019, but since May 2017, the duo started offering investments in a company called Polybius, which they claimed to form a bank specializing in virtual currency. 

“They promised to pay investors dividends from Polybius’s profits. The men raised at least $25 million in this scheme and transferred most of the money to other bank accounts and virtual currency wallets they controlled. Polybius never formed a bank or paid any dividends.” continues the DoJ.

According to the indictment, the defendants also conspired to launder their criminal proceeds through shell companies and phony contracts and invoices. The money laundering conspiracy involved “at least 75 real properties, six luxury vehicles, cryptocurrency wallets, and thousands of cryptocurrency mining machines.”

Potapenjo and Turõgin are being charged with conspiracy to commit wire fraud, 16 counts of wire fraud, and one count of conspiracy to commit money laundering. Both could face a maximum penalty of 20 years in prison.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cryptocurrency fraud scheme)

[adrotate banner=”5″]

[adrotate banner=”13″]