Dirty cash and crypto: how the booming cryptocurrency market is open to exploitation
When the cops arrested scammer Evan Leslie McMahon in March 2019 they found a lot more than just the bootleg Netflix logins that enabled his clients to watch The Witcher on the cheap.
Also in the possession of the early-20s hacker were nine electronic wallets containing an alphabet soup of cryptocurrencies – bitcoin, bitcoin cash, ethereum, digibyte, XRP, stratis, bitcoin gold and litecoin – that he bought with the proceeds of his crimes.
McMahon escaped jail when he was sentenced in April last year for “providing a circumvention service” and “dealing with the proceeds of crime”, receiving an intensive correction order that allowed him to serve his two-and-a-half-month sentence in the community.
But he forfeited the crypto, which was initially worth $460,000, but by the time of his sentencing had risen to an estimated value of $1.2m, making it the biggest stash of tokens seized by the commonwealth to date.
To collect fees from customers of his websites, HyperGen, WickedGen, Autoflix and AccountBot, McMahon used 175 PayPal accounts held in fake names – aliases included Zac Kentish, Izabella Sjogren and Samuel Binns, according to court documents.
He then converted some of the proceeds into crypto, federal police said.
PayPal declined to comment when asked how McMahon had managed to open 175 accounts with the company and what this said about its anti-money laundering systems.
“We devote significant resources to identify, investigate and stop improper or potentially illegal activity on PayPal,” a spokesman said.
Crypto seizures on the rise
Australia’s financial security agency, Austrac, says the criminal use of cryptocurrency is no longer confined to online scammers like McMahon, who ran a series of websites selling logins to Netflix, Spotify and other subscription sites that he bootlegged using software that automatically generated the keys.
“As legitimate use of cryptocurrency increases, we’re seeing a sort of comparable increase in abuse,” says Austrac’s national manager of intelligence operations, Michael Tink, who runs teams at the agency concentrating on cybercrime, national security and money laundering.
“As an example, where a crime group might have previously been sending money offshore using the banking sector or a remittance dealer, in some cases – not a lot – we might see them trying to deposit criminal proceeds through a digital currency exchange provider and send money to a counterpart offshore using cryptocurrency itself,” he says.
Tink is keen to point out that using cryptocurrency to launder the proceeds of crime is still “fairly” niche – but it is on the rise.
While the seizure of McMahon’s wallets was the biggest crypto bust in Australia at the time, larger amounts have since been frozen by regulators investigating possible fraud.
In October last year, the Australian Securities and Investments Commission obtained federal court orders freezing bitcoin estimated to be worth between $7m and $22m that were allegedly related to what the corporate watchdog claims was an unlicensed superannuation investment scheme run by Gold Coast couple Aryn Hala and Heidi Walters. Asic alleged in court documents that at least $2.4m of investor money had been used to purchase crypto-assets. Asic’s investigation is continuing and no charges have been laid.
Overseas enforcement agencies have also seized large amounts of crypto. Last month, the US FBI seized 3,879 bitcoin, which it claims in documents filed in the American federal court system are the proceeds of a US$155m ($216m) fraud perpetrated against insurance company Sony Life by employee Rei Ishii. Ishii has been charged with fraud in Japan and is yet to face trial.
In another crypto seizure case before the US courts involving 9.881 bitcoin (about $590,000), authorities allege bitcoin was used to launder ill-gotten gains.
Between May 2019 and February 2021, suspected money launderer Fernando Berrocal, a businessman in the perfume industry, picked up bulk cash from locations both inside and outside the US of US$2.3m ($3.2m), a Homeland Security agent alleges in an affidavit filed in forfeiture proceedings in the federal court system.
This was made up of “$1m in illegal gambling proceeds and $1.3m in narcotics proceeds”, Homeland Security agent James Barden said in the affidavit.
In addition, bank accounts owned or controlled by Berrocal received “$1,789,628.40 in proceeds generated by various financial frauds, many targeting elderly US residents,” Barden said.
He accused Berrocal of controlling “multiple commercial and personal bank accounts and shell-companies in the United States and elsewhere”, as well as “multiple virtual currency accounts and/or Bitcoin addresses”, which were used to launder dirty money.
“Berrocal conducted numerous financial transactions, many involving virtual currency, specifically bitcoin, to launder and transfer criminally derived proceeds from the United States to individuals and organizations outside the United States,” Barden said.
The agent said Berrocal admitted that the bitcoin was the proceeds of his criminal activity “during a consensual interview with law enforcement” in March last year. No charges have been laid and the investigation continues.
The regulators are watching
Cryptocurrencies had another of their moments in the sun last year, with the Commonwealth Bank announcing it would allow customers to buy, hold and transfer tokens through its app, ads for trading platforms dominating bus stops and the treasurer, Josh Frydenberg, talking about bringing exchanges – which are prone to collapse – into Australia’s regulatory system.
But sceptics reckon the hype conceals a terrible truth: cryptocurrencies are fantastic for speculators but, despite many attempts, not much use as a means of exchange unless you are buying something you shouldn’t be.
“Paying for things the government doesn’t want you to buy was the first actual payment use case for cryptos – the Silk Road drug market – and it’s still about the only one,” says David Gerard, the author of two books on cryptocurrencies and a keen and critical observer of the sector.
“People only use crypto for payments when they can’t use good money for some reason, so they use this stuff instead. That’s expanded into large-scale ransomware. Ransomware existed before crypto, but not at this scale – that’s 100% on cryptos.”
Meanwhile, dirty cash from crime continues to wash into a crypto ecosystem electrified by speculative investment that, despite frequent crashes, has driven the price of bitcoin up from a few hundred dollars in 2015 to close to $60,000 today.
“The crypto system is not, technically, a Ponzi scheme – it just works like one,” Gerard says.
“Early buyers can only be paid out with money from later buyers. The whole purpose is to sell magic beans to people for real money, and convince them that these objects are the future of anything other than getting skinned.
“The general answer is: there’s no such thing as a get rich quick scheme, magic doesn’t happen, if there’s ever ‘one weird trick’ then it’s one weird trick for picking your pocket.”
Austrac has limited visibility of what goes on inside this booming market. Currently, exchanges that register with it only have to report suspicious or large movements of cash into their coffers or payments out – not transfers of crypto that occur between market participants.
However, Tink says the idea that transactions occurring on the blockchain – the distributed ledger that records crypto transactions – are completely anonymous is wrong.
“Our analysts also have access to other open source commercially available and more classified tools and data sets that help them track transactions as they occur through the blockchain and also link that to other data and criminal intelligence holdings,” Tink says.
He points out that one advantage of the blockchain technology underlying cryptocurrencies is that the data is publicly available.
“You might not always know who is behind a particular coin address, but it allows you to track transactions through with other data sets. It allows analysts to look at attributing wallet addresses to real world people.”