Thieves Launder Money by Crowdfunding Themselves

Crowdfunding sites like Kickstarter are a great way for people with great ideas to get money while circumventing the traditional hurdles of appealing to venture capitalists. Turns out they are also a great way for people with stolen money to get around the law.

On Nov. 5, the founder of the crowdfunding platform Gittip announced that the service had been hijacked as a vehicle for money laundering by a mysterious, anonymous user who had registered on his site about five weeks earlier.

Gittip, short for “gift tip,” let’s users issue small cash tips of between $1 and $24 each week to other users whose causes or work they “believe in.” Founder Chad Whitacre calls the service “Kickstarter for people,” as opposed to projects. The idea is modeled in part on the MacArthur Foundation’s Genius Grant, which gives truckloads of money to “exceptional” people simply as a thumbs-up for being so awesome.

Whitacre started writing about a user named “delpan” in October after the username popped up on Gittip’s leaderboard of tip recipients. Delpan had joined Gittip in late September, and was already raking in tips amounting to as much as $60 per week (which would put the user in the top 5 earners on Gittip’s leaderboard as I write this). Whitacre checked with GitHub, the only link from delpan’s Gittip profile page, and Twitter, asking if anyone could vouch for delpan. “The day will come when Gittip is used for fraud, and we need to be watchful for that,” Whitacre wrote.

Most users on Gittip outfit the site’s stripped-down profile page with the basics: name, avatar and a brief promotion of their worth to other users through an “I am making the world better by…” description of their activities. It’s users’ best chance of explaining who they work for, what they’re doing, and why you should care enough to tip them. People include bits like “developing open source Python software” or “building cool things for the Library of Congress.”

Delpan doesn’t have any connections on GitHub, doesn’t include a name or photo and writes “I am making the world better by listening from young people and give them advices in many situations such as love, family, friends affairs…” It reads like a lousy automated English translator and, as Github user Chris Beelby pointed out, appears “ambiguous at best.”

After monitoring delpan’s account activity, Whitacre wrote that “it has become clear that delpan and other accounts on Gittip are in fact being used to steal money.”

The way the laundering scam works on Gittip, and has worked on other crowdfunding sites such as Fundable and payment processors like PayPal, is pretty simple. A person creates two accounts — one connected to a bank account, the other linked to a stolen credit card — and feeds funds from the card to the account.

(Update: Just to be clear, Fundable in its original form shut down in 2009 after dealing with scams. The URL was purchased by a third party and rebooted, and according to an email from spokeswoman Janeesa Hollingshead, the new Fundable hasn’t had any laundering scam issues.)

Whitacre said he believes six Gittip accounts are linked to stolen credit cards. Since Sept. 27, the accounts have been used to launder $488.15 — about 6 percent of Gittip’s tip activity for the six-week period. The accounts share similar characteristics: Gittip accounts associated with empty Twitter or GitHub accounts; big tips made to users with empty Twitter and GitHub accounts; CamelCased usernames; the “I am making the world better by…” statements are “vacuous.”

The tricky laundering twist is that a chunk of the fraudulent users funneled the stolen money to legit users. Money linked to the stolen credit cards was also used to pay for services from Gittip and Balanced, Gittip’s payment processor, tying them into the scheme.

“The uncomfortable truth is that Gittip, Balanced, and our legitimate users are financially incentivized to turn a blind eye to fraud, because we have benefitted and are benefitting from it,” Whitacre wrote. “I have stolen money in my bank account. Heck, I pretty much have stolen money in my pocket right now. The difficulty of unravelling the flow of money once it’s in the system makes this even less comfortable. We’re accidentally complicit in the crime, with no easy way to make good.”

Whitacre is now implementing a “whitelist” whereby givers on Gittip will be vetted before they can donate.

“Consequently,” Whitacre wrote, “I expect that even more stolen money has been funneled through Gittip. I need to do more research to determine how much.”