
Bitcoin and how not to be anonymous

As crypto currencies become more prevalent people are starting to figure out that crypto currencies do not necessarily provide anonymity. Case in point Maksim Boiko a.k.a. “Gangass”. On March 27, 2020 the Department of Justice unsealed an affidavit for a criminal complaint and arrest warrant against Mr. Boiko alleging conspiracy to commit money laundering.

In reading the 29-page affidavit provided by a Special Federal Bureau of Investigation (FBI) Agent it is apparent Mr. Boiko was not what one would call a “professional” in terms of criminal prowess. A prolific social media addict with zero comprehension of the U.S. legal system and computer technology – yes, a professional criminal, not so much.

This article is a how-to guide on what not to do when endeavoring to launder money.

BTC-e Exchange

Mr. Boiko was ultimately caught as a result of the BTC-e exchange being shuttered in 2017. In July of 2017 BTC-e and its founder, 37-year-old Alexander Vinnik, were charged in a 21-count indictment for operating an alleged international money laundering scheme and allegedly laundering funds from the hack of the Mt. Gox crypto exchange. Mr. Vinnik was arrested in Greece on July 25, 2017.

According to the BTC-e indictment, since its inception in 2011, “Vinnik and others developed a customer base for BTC-e that was heavily reliant on criminals, including by not requiring users to validate their identity, obscuring and anonymizing transactions and source of funds, and by lacking any anti-money laundering processes.”

According to a Department of Justice press release: “The indictment charges BTC-e and Vinnik with one count of operation of an unlicensed money service business, in violation of 18 U.S.C. § 1960, and one count of conspiracy to commit money laundering, in violation of 18 U.S.C. § 1956(h). In addition, the indictment charges Vinnik with seventeen counts of money laundering, in violation of 18 U.S.C. § 1956(a)(1), and two counts of engaging in unlawful monetary transactions, in violation of 18 U.S.C. § 1957. An indictment merely alleges that crimes have been committed, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt.”

FinCEN assessed fines of $110 million against BTC-e and $12 million against Mr. Vinnik for willful violations of U.S. anti-money laundering law.

QQAAZZ group

An apparent high-volume user of the BTC-e services was an entity called the QQAAZZ group. According to the Boiko affidavit, QQAAZZ is a transnational organized crime group that provides money laundering services to significant cybercriminals, and it is apparently under investigation by the FBI.

The Boiko affidavit devotes a significant amount of text to the activities of the QQAAZZ group. The affidavit describes the association as “The QQAAZZ group, named after an online criminal moniker, used by the organization, has operated since at least 2015 and is comprised of more than a dozen individuals from various countries including Georgia, Bulgaria and Latvia.”

QQAAZZ used hundreds of shell companies to open bank accounts in the United Kingdom, Portugal, Spain, Germany, Belgium, Turkey and the Netherlands. The bank accounts would then be used to receive ill-gotten funds derived from cybercrimes like account hijacking and ransomware.

Once the funds were successfully transferred from victims’ U.S.-based bank accounts to QQAAZZ-controlled bank accounts, the process of “tumbling” those funds and laundering the money began, for a fee of between 40 – 50% of the funds laundered.

Maksim Boiko

Enter Mr. Boiko. The affidavit alleges that the conspiracy to commit money laundering in which Mr. Boiko took part involved computer fraud, bank fraud and wire fraud. A prime way Mr. Boiko attempted to assist QQAAZZ in their money laundering efforts was to use crypto currencies to transform the ill-gotten proceeds into fiat currencies. However, as meticulously detailed in the affidavit, Mr. Boiko was incredibly sloppy in terms of ensuring anonymity.

Mr. Boiko used easily traceable Gmail and iCloud email services. Both Google and Apple were served with subpoenas that gave the FBI access to incredible amounts of information, which directly led to the identification of bitcoin transactions, none of them anonymous of course.

“A review of the iCloud content revealed photographs showing communications over criminally controlled Jabber accounts. For example, one screenshot shows an open Jabber conversation with the moniker salazar001@xmpp.jp. The FBI’s investigation has revealed salazar001@xmpp.jp to be a criminally controlled QQAAZZ Jabber account. In the conversation, salazar001@xmpp.jp receives confirmation of payment sent in the amount of 3.482 Bitcoin. The date of this photograph is July 24, 2019. Open source information shows that a transfer of 3.482 Bitcoin was, in fact, made in the amount of 3.482 Bitcoin on July 24, 2019. At this time, 3.482 Bitcoin was equal to approximately $35,000.”

Apparently Boiko also used a Gmail account both to register with crypto exchanges and as a back-up email account for iCloud verification purposes. After obtaining a subpoena for access to Mr. Boiko’s Gmail account, other material information was discovered:

  1. Saved in the account was a chat between Conspirator A and the other QQAAZZ group member in which they reference the name “Boiko Maksim Sergeyevich,” his location, Saint Petersburg, and the Russian phone number +79817350504.
  2. The account contained a directory (arranged by country) listing the names of dozens of shell companies, the purported owner/director of each shell company, the owner’s contact information, and details for dozens of bank accounts opened in each shell company’s name at multiple financial institutions.

The FBI also included pictures that not only document Mr. Boiko’s illegal activities but that he also posted on social media and saved to iCloud!

Completing the circle

The FBI also obtained information provided from a crypto exchange called Bitstamp. There was an account at Bitstamp with the username of “atrofi95.” From there the FBI obtained a warrant to search an iCloud account registered with the Gmail account of atrofi95@gmail.com. This led to a substantial amount of information and tied the email account atrofi95@gmail.com directly to Mr. Boiko.

At the shuttered BTC-e crypto exchange there was an account registered to Aleksejs Trofimovics in London with the corresponding email address atrofi95@gmail.com. Mr. Trofimovics was arrested in Latvia in October 2019 and extradited to the United States in early 2020.

By reviewing this iCloud account the FBI retrieved WhatsApp communications reflecting phone numbers owned by Mr. Boiko. The FBI then discovered an additional Gmail account owned by Mr. Boiko, amgcls32@gmail.com. Of the amgcls32 email account the affidavit states: “Numerous documents found in the email account, including Boiko’s passport, confirm that the account was controlled by Boiko.”

“Also, on July 24, 2019, Boiko’s amgcls32@gmail.com email account received an email message from Binance. (Binance is a global cryptocurrency exchange that provides a platform for trading more than 100 cryptocurrencies.) The message was sent to confirm that Boiko wanted to withdraw and send 3.482 Bitcoin to address 1EuGpYbEfvicrppSpStdxw1bpHsokpP4x. This is the same Bitcoin wallet address provided in the photograph discussed above to which the 3.482 Bitcoin was to be sent.”
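The two quoted passages describe the same investigative step twice: an off-chain artefact (a Jabber screenshot, a withdrawal-confirmation email) supplies an amount, a date and a destination address, and the public ledger is then searched for an output that matches all three. The following is an added example of that correlation, not code from the original post or from the affidavit. The transaction records are constructed for illustration; the target address is the well-known Bitcoin genesis-block address used as a stand-in, and the Base58Check decoder is included so that an address transcribed from a document can be checked for typos before anyone goes looking for it on-chain.

```python
"""Correlate an off-chain claim (amount, date, destination address) with
on-chain transaction outputs.  Added example; all transaction records
below are CONSTRUCTED and the target address is a stand-in."""
from dataclasses import dataclass
from datetime import date, datetime, timedelta
from decimal import Decimal
from hashlib import sha256
from typing import List, Optional

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SATOSHIS_PER_BTC = Decimal(100_000_000)


def base58check_decode(addr: str) -> Optional[bytes]:
    """Decode a Base58Check string into version+payload bytes.
    Returns None when a character is outside the alphabet or the 4-byte
    double-SHA256 checksum fails (a transcription error or a tampered address)."""
    n = 0
    for ch in addr:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    # every leading '1' in the string stands for a leading 0x00 byte
    pad = len(addr) - len(addr.lstrip("1"))
    body = b"\x00" * pad + body
    if len(body) < 5:
        return None
    data, checksum = body[:-4], body[-4:]
    if sha256(sha256(data).digest()).digest()[:4] != checksum:
        return None
    return data


def is_valid_p2pkh(addr: str) -> bool:
    """True for a mainnet pay-to-pubkey-hash address: version 0x00 + 20-byte hash."""
    data = base58check_decode(addr)
    return data is not None and len(data) == 21 and data[0] == 0x00


@dataclass(frozen=True)
class TxOutput:
    txid: str            # constructed identifier, not a real transaction hash
    block_time: datetime  # block timestamp, UTC
    address: str
    satoshis: int


def find_matching_outputs(outputs: List[TxOutput], claimed_btc: str,
                          claimed_date: str, address: str,
                          slack_days: int = 1) -> List[str]:
    """Return txids that pay exactly `claimed_btc` to `address` within
    `slack_days` of `claimed_date` (ISO date).  The slack exists because a
    screenshot carries the sender's local date while block times are UTC."""
    if not is_valid_p2pkh(address):
        raise ValueError(f"not a valid mainnet P2PKH address: {address}")
    want = int(Decimal(claimed_btc) * SATOSHIS_PER_BTC)   # exact, no float rounding
    day = date.fromisoformat(claimed_date)
    lo, hi = day - timedelta(days=slack_days), day + timedelta(days=slack_days)
    return sorted({o.txid for o in outputs
                   if o.address == address and o.satoshis == want
                   and lo <= o.block_time.date() <= hi})


# Stand-in target: the genesis-block address, chosen only because its validity is public knowledge.
TARGET_ADDR = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

# Constructed ledger excerpt: one true match plus three near misses.
SAMPLE_OUTPUTS = [
    TxOutput("tx-constructed-01", datetime(2019, 7, 24, 13, 5), TARGET_ADDR, 348_200_000),
    TxOutput("tx-constructed-02", datetime(2019, 7, 24, 14, 0), TARGET_ADDR, 348_000_000),  # amount off
    TxOutput("tx-constructed-03", datetime(2019, 8, 2, 9, 0), TARGET_ADDR, 348_200_000),    # date off
    TxOutput("tx-constructed-04", datetime(2019, 7, 25, 1, 30), "constructed-other-addr", 348_200_000),
]


def demo() -> List[str]:
    """Search the constructed ledger for the affidavit's 3.482 BTC / 2019-07-24 claim."""
    return find_matching_outputs(SAMPLE_OUTPUTS, "3.482", "2019-07-24", TARGET_ADDR)


if __name__ == "__main__":
    print("address checksum ok:", is_valid_p2pkh(TARGET_ADDR))
    print("matching outputs:", demo())
```

Amounts are handled as integer satoshis rather than floats so that 3.482 BTC matches only an output of exactly 348,200,000 satoshis; the one-day slack on the date is deliberate, since the affidavit's evidence is a photograph with a local date and block timestamps are UTC. In real use the `SAMPLE_OUTPUTS` list would be replaced by records pulled from a block explorer or a local node for the address in question.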

Conclusion

It is rather stunning how sloppy these people were. From what I can surmise, aside from posting on social media, the ease of using Gmail and iCloud email services usurped any notion of attempting to cover their tracks.

While there are ways to guarantee anonymity, much of which entails misrepresenting information and undermining Know Your Customer programs, retaining text messages in cloud services is not one of them. Nor is posting pictures of yourself with stacks of currency on social media. In addition to being downright stupid you are just begging for the FBI to come after you. It worked. Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you.
