Gone are the days when shady dealings in crypto were perceived as immune to the clutches of law enforcement.
Illicit crypto proceeds can be shuttled between wallet addresses at the click of a mouse, and their obfuscation behind the multiple strings of numbers and letters of wallet addresses can create a dizzying – if not impenetrable – cryptographic maze for authorities to navigate.
But the criminals themselves present a more concrete target, and as they interface with everything from crafty code to unwieldy hardware to ‘traditional’ firearms, there has been some success in 2018 in nabbing some of the year’s darkest – and most imaginative – offenders.
From soap actors to former lawmakers, Cointelegraph takes stock of some of the most illustrious arrests of the figures behind crypto’s high crimes and misdemeanours this year.
Foiled supercomputer Bitcoin heist in Russian nuclear no-man’s land
In February, Russian security agents scored a coup against a group of nuclear engineers at a top-secret nuclear warhead facility who tried to use one of the country’s most powerful supercomputers to mine Bitcoin (BTC).
The engineers worked at the Federal Nuclear Center in the western city of Sarov – formerly one of the Soviet Union’s closed-off cities, unmarked on historic maps and shrouded in secrecy.
As one of the Soviet “closed administrative territorial entities,” Sarov was then known as Arzamas-16, and was the center of research and production for the first Soviet atomic bomb and hydrogen bomb under Joseph Stalin. Special permits are still required today for ordinary Russians to visit it.
With such a stellar off-grid history, you’d think the Bitcoin-hungry nuclear engineers might have suspected that connecting the site’s supercomputer – a 1 petaflop titan with a capacity for 1,000 trillion calculations per second – to the internet might draw just a little attention.
As soon as the engineers tried to bring it online, the security department was alerted and was able to foil the scientists, who were peremptorily handed over to the Federal Security Service (FSB).
Tatiana Zalesskaya, the head of the press service for the research institute, told the Interfax news agency that that the attempt was a “technically hopeless and criminally punishable offense.”
A criminal case was reportedly duly opened against them.
Contentiously, it has been alleged that the radioactive polonium-210 used to kill ex-FSB agent Alexander Litvinenko in London in 2006 was produced in Sarov, which houses a plant that is said to be the “world’s only commercial producer of the substance,” according to evidence presented before a court in the United Kingdom.
Sarov’s rogue scientists are not the only ones to have thought of using former Soviet military spaces for crypto mining. The Ice Rock Mining firm has plans to – legally – set up mining operations in a former Soviet bunker located in a cave in Almaty, Kazakhstan.
Caught in the headlights: Thai actor “Boom” arrested on set for alleged crypto fraud family affair
This summer, reports emerged tied to the story of a Finnish millionaire allegedly fooled by a Thai crypto investment scam – to the tune of Bitcoin worth 797 million baht ($24.62 million) at the time.
According to the Thai Crime Suppression Division (CSD), the 22-year-old Finn, identified as Aarni Otava Saarimaa, claimed he had been lured into investing his Bitcoin into several companies, a casino and the gambling-focused crypto token Dragon Coin.
Saarima’s business partner, the Thai businessman Chonnikan Kaeosali, reportedly first approached the CSD in January this year, outlining how the pair had been drawn to purchase shares in three firms – Expay Group, NX Chain Inc. and DNA 2002 Plc – that were purported to be investors in Dragon Coin. He said they had first been approached in connection with the affair by a local Thai group back in June 2017.
The fraudsters are said to have taken their would-be victims around a Macau-based casino where they claimed the gambling-focused token would soon be used. Saarima subsequently transferred his crypto but never saw returns, shareholder papers nor any proof of investment in Dragon Coin.
As the CSD’s investigations unfolded, they identified a group of nine suspects – three of whom were revealed to be a group of siblings from the Jaravijit family. The suspects are said to have swiftly sold the crypto for local fiat currency, dispersing the spoils between various bank accounts.
It was the arrest of one of the siblings this summer – a dapper 27-year-old soap-opera star known as Jiratpisit “Boom” Jaravijit – that first brought the case to public light.
On Aug. 9, Boom was taken into custody on money laundering charges in the midst of filming at the Major Cineplex Ratchayothin in Bangkok’s Chatuchak district. Local media noted it was the day after the star’s birthday.
It was alleged that the actor had colluded with his siblings to launder the swindled money, after investigations revealed they had bought 14 plots of land worth 176 million baht ($5.44 million).
Boom’s brother, Prinya Jaravijit, is said to have been the ringleader of the scheme, having reportedly received a tip-off from a Thai banker about the wealthy Finn and then setting the heist in motion. Prinya has reportedly fled to South Korea, while Boom’s sister is said to have made contact with the CSD to turn herself in.
The CSD has sought arrest warrants for a further six suspects and frozen a total of 51 different bank accounts in addition to the siblings’ land.
Boom was temporarily released on a 2 million baht ($61,827) bail bond on the condition that he would not leave the country, having argued that his arrest on set in a public place was ample proof he had not been intending to flee.
Earlier this month, another Jaravijit sibling turned himself in to deny the fraud charges, while police met two further suspects: Prasit Srisuwan, a well-known stock trader, and Chakris Ahmad.
Boom’s parents, Mr. Suwit and Ms. Lertchatkamol, have also been questioned after police traced that 90 million baht ($2.78 million) had been transferred to their accounts. Both have denied involvement.
India: Former ruling party lawmaker nabbed “fast asleep” on a construction site
As news of the many-tentacled Bitconnect investment heist continues to unfold globally, recent developments have unearthed a web of kidnappings and extortions allegedly tied to Bitconnect investors in the wealthy state of Gujarat.
Earlier this month, a former Member of the Legislative Assembly (MLA) for India’s ruling Bharatiya Janata Party (BJP) was remanded in custody for allegedly conspiring with local police to kidnap and extort Bitcoin from a Gujarati Bitconnect investor.
In February, a Surat-based builder by the name of Shailesh Bhatt had charged into the Home Minister’s office in the Indian state of Gujarat, alleging that 10 district cops had kidnapped and extorted him for 176 BTC, worth 9.45 crore* rupee (around $1.31 million).
*A crore rupee denotes 10 million and is equal to 100 lakh rupee in the Indian numbering system (1 lakh rupee denotes 100,000)
The band of 10 was alleged to have comprised not only rank-and-file constables but even a superintendent and a local Crime Branch Inspector.
Bhatt, who is said to have been known for his penchant for Bitcoin trading, claimed he had been duped by one of his business aides, Kirit Paladiya, into thinking that the authorities were keeping him under close watch for his crypto dealings.
He alleged he had been lured by a phone call from his local Central Bureau of Investigation (CBI), where he was allegedly beaten in a “torture room” and asked by a CBI official to pay a cash ransom.
Two days later, he claimed he was kidnapped during a meeting with his aide Paladiya near a fuel station, where he was whisked off to a local farm house. There, he said, “[the police officers] beat me up inside a room and threatened to kill me […] if I did not hand over my Bitcoins.”
Bhatt then accused Paladiya of double-crossing him in cahoots with his influential uncle, the former BJP MLA Nalin Kotadiya, who he claimed had been the one who pressured him into paying the ransom.
Bhatt has himself been subsequently accused of being a wolf in sheep’s clothing. He has become embroiled in a case pertaining to an alleged earlier extortion of a staggering 1.55 billion rupee ($215 million) worth of crypto and cash at gunpoint – including around 2,400 BTC – from two colleagues of well-known local Bitconnect promoter Satish Kumbhani.
However, Indian authorities nonetheless believed there is some weight behind the accusations against the former lawmaker Kotadiya, first issuing an arrest warrant against him in mid-May.
Kotadiya has repeatedly hit back against the allegations, notably via a WhatsApp video – reposted on Youtube in late April – in which, attired in pink, he claimed he had duly informed authorities about the Bitcoin heist and attributed the full blame for the extortion scandal and conspiracy to Bhatt.
Moreover, he threatened to leak evidence that would implicate even more local politicians in the scandal, saying that Bhatt was protecting them and therefore attempting to “fix him” in the case.
Nonetheless, by mid-June, a local sessions judge declared Kotadiya a “proclaimed offender” (absconder) and demanded he appear before the court within 30 days.
As Kotadiya continued to elude the clutches of law enforcement throughout summer, he was finally nabbed after four months in hiding on Sept. 10. He was reportedly found “fast asleep” on the second floor of a railway quarters still under construction, after a local contractor gave police the golden tip-off.
“When we [eventually] found him, he was sleeping on a mattress and there was just an earthen pot of water in the room.”
As Cointelegraph has reported, Kotadiya’s alleged embroilment has been a political gold mine for the opposition party, the Indian National Congress (INC), who allege that further members of the ruling BJP have used the Bitconnect scam to launder undeclared “black” money.
“The finger of suspicion of this massive scam of illegal cryptocurrency directly points to several top Bharatiya Janata Party leaders and a mastermind – an absconding BJP leader and former MLA Nalin Kotadiya […] Who are the top BJP leaders against whom Kotadiya has damning evidence? We demand an impartial Supreme Court-monitored judicial investigation.”
As of press time, the time of Kotadiya’s custody is up, yet the alleged evidence he claims to wield is yet to have been made public.
Iceland’s Bitcoin miner heist: A high-gliding fugitive and suspect hardware in Tianjin
This year, what has been described as one of Iceland’s “largest criminal cases in history” has seen an outlandish set of twists and turns, leading all the way to the northern Chinese city of Tianjin.
In February, news broke of a series of unprecedented thefts, involving powerful computing equipment that had been stolen in a “highly organized” Bitcoin mining heist. Three burglaries were reported to have taken place in December 2017 and a fourth in January.
The burglars had allegedly swiped 20 million krónur (around $180,000) worth of equipment – 600 graphics cards, 100 power supplies, 100 motherboards, 100 memory discs and 100 CPU processors – from a house in the municipality of Reykjanesbær.
They had also allegedly broken into data centers across both Reykjanesbær and Borgarbyggð, with a total of 600 computers stolen from both places, worth 200 million krónur (almost $2 million). The whereabouts of the equipment, including the computers – said to have been used for Bitcoin mining – remained untraceable, even as authorities monitored energy consumption for suspicious increases.
Police are said to have initially arrested eleven suspects – two of which were ordered to remain in custody, after the Icelandic IT firm Advania produced incriminating surveillance footage taken at the data center in Reykjanesbær. The authorities soon recovered most of the stolen equipment, yet the 600 computers remained elusive. Both suspects were reported in local media as being “uncooperative.”
Then, on April 17, one of the detainees escaped at 1 a.m. from his custody in an “open” (low-security) prison, just a week before authorities were due to move forward with an indictment.
The fugitive, Sindri Thor Stefánsson, fled the country on a passport bearing another man’s name, boarding a passenger plane to Sweden that was embarrassingly revealed to have been carrying Iceland’s prime minister.
Stefánsson subsequently released a statement claiming he had been “legally allowed” to travel on the day he boarded the plane to Stockholm, as his custody ruling expired April 16 and a judge had requested 24 hours to consider its renewal. This, according, to him, left a brief interim during which the warrant for his custody was legally invalid.
He vowed to return home “soon,” telling reporters he would be challenging his two-and-a-half-month custody at the European Court of Human Rights.
Days later, he was arrested in central Amsterdam, after a photo published on Instagram with the hashtag #teamsindri allegedly gave him away, according to media outlet Iceland Monitor. Police at the time did not confirm this was the case.
Allegedly incriminating Instagram snap of Stefánsson in Amsterdam: Source: Iceland Monitor
Despite #teamsindri reportedly briefly trending across Icelandic Twitter, the case last month came to a head when a judge charged Stefánsson – alongside six others – with the theft of the 600 computers. While Stefánsson’s charge has been confirmed as theft, it remains unclear what role the other six defendants are charged with as having in the incident.
Just days after Stefansson’s Amsterdam stint, police in the northern Chinese city of Tianjin seized 600 computers used to mine Bitcoin, after abnormal electricity usage attracted the attention of the local power grid operator. Local media outlets reported the case as being the “largest power theft case in recent years,” but it notably also drew the attention of authorities back in Iceland, who suspected the exact number match of suspect hardware was more than just an uncanny coincidence.
Icelandic police subsequently reached out to Chinese authorities to try to link the two cases, yet no results have been reported since then.
“One of the best out there”: A teenage SIM-swapping crypto hacker with a taste for luxury cars
Last month, Californian police nabbed a hacker who allegedly stole Bitcoin worth over $1 million via a series of so-called ‘SIM-swapping’ heists – also known as ‘port-out scams.’ The 19-year-old suspect, identified as Xzavyer Narvaez, is said to have specialized in stealing cell phone numbers and using them to hijack online financial and social media accounts tied to those numbers.
A SIM-swap attack results in the victim suddenly losing all service, with any incoming calls or text messages redirected to the attacker’s device. As many firms use automated messages or phone calls to handle customer authentication, SIM swaps can be a goldmine in deft hands.
Prosecutors allege that Narvaez used his ill-gotten crypto proceeds to purchase luxury goods, including a $200,000 high-performance McLaren sport car, which were tracked through records obtained from Bitcoin payment provider BitPay.
According to cybercrime blog Krebs on Security, the investigators interviewed several alleged victims of Narvaez, one of whom claimed he was robbed of $150,000 in crypto after his SIM was hijacked.
Between March and June 2018 alone, Narvaez’s account on crypto exchange Bittrex reportedly saw a flow of a staggering 157 BTC. He subsequently faced charges on four counts of using personal identifying information without authorization; four counts of altering and damaging computer data with intent to defraud or obtain money, or other value; and grand theft of personal property of a value over $950,000, according to court documents.
VICE’s parallel investigations traced Narvaez’s impressive “credentials” in the SIM-swapping underworld, with one source telling the magazine that he was considered “one of the best […] out there.” VICE’s source provided screenshots of Narvaez’s former Instagram account, which allegedly featured euphoric photos of his fresh, 2018 snow white McLaren, accompanied by the caption “live fast, die young.”
Narvaez is said to have come under the radar of law enforcement following the arrest of one Joel Ortiz, described as “a gifted 20-year-old college student from Boston” who was charged this July with using SIM swaps to swipe over $5 million in crypto from 40 different victims.
A redacted “statement of facts” in the case obtained by Krebs revealed that records obtained from Google had traced that a cellular device used by Ortiz to commit SIM swaps had at one point been used to access the Google account identified as Xzavyer.Narvaez@gmail.com.
In an unrelated case this July, Florida police reportedly arrested a 25-year-old, Ricky Joseph Handschumacher, who was accused of being part of a multi-state, cyber-fraud SIM-swapping ring that operated over the course of two years.
The gang of nine – scattered across different states – was initially tracked in February, when a “worried mom” overheard her son talking on the phone impersonating a telecoms firm employee. The group is alleged to have “routinely paid” employees at cell phone companies to assist in their schemes and to even have discussed a plan to hack accounts belonging to the CEO of the high-profile Gemini Trust company – namely those of Bitcoin billionaire Tyler Winklevoss.
Handschumacher himself posted multiple flashy purchases – including a pickup truck, multiple all-terrain vehicles and jet skis – on his public Facebook profile. Subpoenas to Coinbase revealed he had sold 82 BTC through his account, “virtually all” of which were not purchased on the platform.
As law enforcement closed in on this host of spry and unabashed millennial SIM swappers, in August, a U.S. investor filed a $224 million lawsuit, taking on telecoms giant AT&T. Michael Terpin accused the firm of alleged negligence, claiming that $24 million in crypto was stolen via a “digital identity theft” of his cell phone account.
His complaint alleged that:
“What AT&T did was like a hotel giving a thief with a fake ID a room key and a key to the room safe to steal jewelry in the safe from the rightful owner.”
“Fake news”: OKEx CEO “detained” for alleged fraud
The most recent high-profile, crypto-related “detention” involves OKEx CEO Star Xu, who was the subject of a host of conflicting media reports – and even one viral dumpling-related anecdote – following his sudden tête-à-tête with Chinese authorities this month.
Xu has robustly hit back at rumors that fraud was the reason for his purported ‘arrest,’ after local media reported that he had faced problems at his hotel from a group of investors in WFEE Coin, a blockchain WiFi sharing project they claimed Xu held shares in.
The allegedly defrauded victims had reportedly contacted Shanghai police, who “summoned” the CEO to a police station on Sept. 10 to “put [him] through a round of questioning to get to the bottom of the rumors,” as tech news source ZeroHedge wrote at the time.
A photograph of a police report about Xu on local news outlet Sina Technology appeared to confirm that the police had been notified at 5:59 p.m. on Sept. 10.
Image of police report allegedly involving Star Xu’s detention. Source: Sina Technology
At the same time, alternative sources in China claimed the investors were in fact traders incensed by system failures on the OKEx exchange itself. As Bitcoin (BTC) tumbled on Sept. 5, OKEx platform crashes are alleged to have left users unable to close or otherwise salvage their positions, with losses all the more acute in the case of leveraged trades.
Cointelegraph’s own Chinese sources have since thrown some degree of light on what had spiralled into a sordid media affair, substantiating suspicions that much of the hearsay was indeed “fake news.”
The sources have emphasized that Xu was the one who approached the police of his own accord. In their account, on Sept. 10, Xu had arrived at the Shanghai office of OK Group to meet with customers and conduct other business affairs. He had also – incidentally – made an appointment at the office to meet with a prospective personal fitness coach.
There, the first troubles with the disgruntled investors are said to have begun – who are thought to have been a mix of OKCoin and WFEE Coin investors. Some ambiguity remains as to their exact identity – and whether they were indeed railing against problems tied to the OKEx exchange or held Xu responsible for the vicissitudes of the WFEE token, or a mix of both.
Having gotten wind of Xu’s visit to Shanghai, the aggrieved group is alleged to have been responsible for vandalizing the sign at the city’s OK Group office, as appears to be shown in the following photograph:
Photo showing the apparent vandalization of OK Group’s entrance sign at the Shanghai office
An alarmed Xu is said to have headed back to his hotel, telling his prospective coach to make her way there as well, so as to resume their meeting. The investors are alleged to have then followed the woman’s tracks, suspecting she would lead them to Xu. There, they are alleged to have knocked on the door of the CEO’s room, threatening him.
After four tense hours, Xu is said to have alerted the police. The investors are again alleged to have followed his trail, whereupon Xu called a group of “henchmen” to join him at the police station. At this point, the investors are said to have taken fright and approached the authorities themselves.
In an interview published soon after his release, Xu confirmed he had been held by Shanghai police, seeming to imply he had made the contact on his own initiative:
“In Shanghai, someone reported that I was defrauding. I went to the police station to explain the situation and proved to the police that I did not swindle.”
On Twitter, OKEx COO Cheung also stated that Xu had been encircled by a group in Shanghai, although in his account, the police are said to have arrived to the scene themselves and moved all parties involved to the station. Cheung alleged that:
“While Star was invited to help with the investigation and those people was detained, they raised a fraud complaint against Star. Star stayed to clarify and then left afterward.”
According to Cointelegraph’s sources, no one was witness to Xu’s departure from the station, and it remains unclear how long he spent there.
Xu has stated that while it is “normal” for citizens to exercise their right to make such allegations, he has equally fulfilled his “duty” as a citizen by cooperating with the authorities. In terms of his alleged responsibility for system “abnormalities” on the exchange, Xu has responded that:
“I am not a legal person of OKEx, nor am I a shareholder or a director.”
This point was echoed in Cheung’s parallel tweets, in which the COO stressed that “Star is the founder of OK Group, [and] although we are good friends, he does not run OKEx.” Cheung has added that he felt “disappointed that the story was twisted before the truth came out.”
Local news outlet Jiemian has meanwhile reported that seven out of a total of 300 investors who claimed to have “suffered heavy losses” on the OKEx exchange have since reached a form of settlement with Xu. Notably, repeated system failures are alleged to have caused a total economic loss of “around 300 million yuan.”
In his post-release interview, Xu stressed that while leveraged trading is a “neutral tool in itself,” it is “not suitable for ordinary investors” as the potential for accelerated net profits and losses requires “professional knowledge” to manage the risks involved.
As Jiemian noted, while OKEx offers investors the opportunity to add as much as 20 times leverage to their contracts, unlike traditional futures trading platforms, the exchange operates without regulatory oversight.
As for the WFEE connection, OK Blockchain Capital (OKBC) – a strategic partner of OKEx and a subsidiary of OK Group – has publicly refuted the allegations that Xu had any shares in the project, tweeting on Sept. 12 that:
“The rumor that OK Group founder Star Xu [is] a shareholder of WFEE is fake. Mr. Xu has no equity relationship with WFEE and its company.”
OKBC has further clarified its own relationship with WFEE, stating that “OKBC is one of the institutional investors of WFEE.” WFEE reportedly “acquired OKBC’s and several other capitals’ investments […] when it was still the prime partner of WeShare WiFi – a global leading WiFi sharing company.” The firm added that it had not been notified of subsequent changes to the WFEE white paper, as OKBC “neither participates in” WFEE’s operations, nor in its “results.”
OKBC has also pointed to the fact that OKEx had warned its users of the potential risks posed by WFEE in August and included WFEE in their first “Token Delisting/Hiding Guideline [sic].”
So… what of the dumplings?
Amid the flurry of “twisted” media reports, one viral anecdote alleged that the band of investors had brought a hungry – and short-of-cash – Xu some sustenance, namely dumplings, as he underwent questioning at the police station. The story, despite its oddity, appears to have had some traction. Cointelegraph’s Chinese sources, for their part, dismissed it out-of-hand as an unthinkable and breathless piece of confected hearsay.