A U.S. citizen who ran a service that advertised it could evade sanctions using Bitcoin has been identified and charged by authorities.
The person operated an online payments and remittance platform that used Bitcoin and was based in a country sanctioned by the United States. The citizen, who is unnamed at this point, even advertised their platform as a way to avoid sanctions, and sent $10 million worth of Bitcoin between the U.S. and the sanctioned country, according to an opinion written by a judge and published on Friday.
The opinion shows, once again, that Bitcoin and other cryptocurrencies are highly traceable and authorities have become very good at tracking criminals using them. Combined with the fact that crypto exchanges have to maintain extensive user records because of Know Your Customer (KYC) regulations, it's relatively easy to find people who commit crimes such as stealing vast amounts of bitcoins and sending money to countries like North Korea or Iran. (The opinion does not disclose what country the suspect based their platform in.)
Judge Zia M. Faruqui used stern and unusual language and unexpected references to make his points, citing the movie Friday the 13th, HBO’s Silicon Valley, SNL sketches, and uses the very informal verb to “dox.”
“Virtual currency is traceable,” the judge wrote. “Yet like Jason Voorhees the myth of virtual currency’s anonymity refuses to die.”
“Issue One: virtual currency is untraceable? WRONG. See Saturday Night Live, The McLaughlin Group,” the judge wrote in his conclusion. “Issue Two: sanctions do not apply to virtual currency? WRONG. See Saturday Night Live, The McLaughlin Group Halloween Cold Open.”
Do you track cryptocurrencies or hacks against crypto projects? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email email@example.com
The defendant made a series of—in hindsight—pretty bad OPSEC mistakes. First, they used a U.S. IP address to operate the platform, which was based in “a comprehensively sanctioned country" and specifically advertised it could evade U.S. sanctions. They also established a U.S.-based front for the payment platform; they registered domain names for the platform, using the front company to pay for them; their IP addresses were linked to a “U.S.-based online financial institution,” which received and sent thousands of dollars to users in the unidentified sanctioned country; they opened accounts with two virtual currency exchanges funding it with money stored in the account at the U.S. financial institution, among others.
Even the judge seemed to make fun of the suspect.
“Law enforcement synthesized subpoena returns from virtual currency exchanges, email search warrant returns, banking information, and shell company registration information to reliably dox Defendant,” the judge wrote. “Specifically, the affidavit established that Defendant opened an account with [Virtual Currency Exchange]1. [...] VCE 1 collected legally-required know-your-customer information which—wait for it—allowed VCE 1 to know who its customer was: Defendant.”