Russian Masterminds Exposed in Mt. Gox Crypto Exchange Hack Case

The U.S. Department of Justice (DoJ) has brought charges against two Russian individuals in connection with the infamous 2014 cyber attack on the now-defunct cryptocurrency exchange Mt. Gox.

According to recently unsealed indictments, Alexey Bilyuchenko, 43, and Aleksandr Verner, 29, are accused of collaborating to launder approximately 647,000 stolen bitcoins between September 2011 and May 2014. These digital assets were unlawfully accessed through a server holding crypto wallets used by Mt. Gox customers.

“Beginning in 2011, Bilyuchenko and Verner orchestrated a massive theft of cryptocurrency from Mt. Gox, contributing to the exchange’s eventual collapse,” stated Assistant Attorney General Kenneth A. Polite, Jr.

“Utilizing the ill-gotten gains from Mt. Gox, Bilyuchenko allegedly played a role in establishing the notorious BTC-e virtual currency exchange, which facilitated money laundering for cyber criminals worldwide.”

During the period of March 2012 to April 2013, the accused individuals allegedly conducted significant wire transfers into offshore bank accounts, laundering over 300,000 of the stolen digital assets with the assistance of an unnamed New York-based Bitcoin brokerage service.

The BTC-e exchange, founded by Bilyuchenko in collaboration with Alexander Vinnik and others using the pilfered crypto from Mt. Gox, was shut down by law enforcement in 2017. Prior to its closure, the exchange served as a major conduit for cyber criminals to convert their illegal proceeds into cash.

Vinnik, who was extradited from Greece to the U.S. last year, has reportedly expressed interest in a potential prisoner exchange between the U.S. and Russia, as reported by the Wall Street Journal.

• The U.S. Department of Justice revealed, “BTC-e catered to over one million users worldwide, facilitating millions of bitcoin in deposits and withdrawals, and processing billions of dollars in transactions. The exchange received criminal proceeds from numerous computer intrusions, hacking incidents, ransomware attacks, identity theft schemes, corrupt officials, and narcotics distribution rings.”
• If convicted of money laundering charges, the accused individuals could face a maximum sentence of 20 years in prison each. Additionally, Bilyuchenko may face an additional 25-year prison term for operating an unlicensed money services business.
• Mt. Gox, once the largest cryptocurrency exchange, collapsed shortly after the theft and filed for bankruptcy in February 2014. Mark Karpelès, the CEO of the exchange, was considered a primary suspect and was arrested in Japan in 2015, charged with fraud and embezzlement.

Karpelès was subsequently convicted in Japan in 2019 and received a 2.5-year suspended prison sentence for data manipulation. However, he was acquitted of embezzlement charges.

In a separate development, a 39-year-old Romanian national, Mihai Ionut Paunescu, was sentenced to three years in prison for operating a bulletproof hosting service that facilitated the distribution of malware strains like Gozi, Zeus, SpyEye Trojan, and BlackEnergy.

Paunescu, apprehended in Colombia last year and extradited to the U.S., has been ordered to forfeit $3.51 million and pay restitution totaling $18,945.

This news coincides with the U.S. State Department’s announcement of a reward of up to $5 million for information leading to the arrest and conviction of Maximilian Rivkin, a Swedish-based criminal of Serbian origin. Rivkin was identified as an “administrator and influencer” on the encrypted messaging app AN0M (aka ANoM).