KEYSER SOZE

The World’s Most Infamous Billion-Dollar Bitcoin Launderer Nabbed at Last?

The Russian known as WME has links to computer hacking, ransomware scams, identity theft, tax refund fraud schemes, corrupt politicians, and drug trafficking around the world.

Homeland Security Investigations, The Internal Revenue Service-Criminal Investigation Division, and other federal agencies, working together with Greek police, have arrested the alleged mastermind behind a $4 billion money laundering scheme that used bitcoin transactions.

He is also believed to have played a role in the looting of Mt. Gox, once the world’s largest bitcoin exchange, which went bankrupt in February 2014. The CEO, Mark Karpeles, is currently on trial for embezzlement and other charges in Japan.

The U.S. Department of Justice identified the so-called mastermind as Russian national Alexander Vinnik, age 38. He was arrested in Greece, on a U.S. warrant, with a wide array of electronic equipment which was confiscated.

The police said that Vinnik was involved in the management of "one of the largest cybercrime websites in the world."

Vinnik has been accused of laundering billions of dollars since 2011 using bitcoin. The virtual currency was created by the mysterious Satoshi Nakamoto, is difficult to trace, and has reached values of up to $3,000 for a single bitcoin in recent months.

Because of the anonymity involved in bitcoin transactions, it became the currency of choice for the world’s largest underground cyber market, Silk Road, where drugs, guns, and other forbidden goods were freely sold. American agents investigating Silk Road were also arrested for pilfering bitcoins while working the case and one was sentenced to six years for his malfeasance.

The full details of the websites and platforms used to launder the money have not been made public although links between the money laundering and Russian based WebMoney are also being investigated, U.S. government sources told The Daily Beast.

Vinnik is wanted in the U.S. and could be extradited to face charges and a subsequent trial. He is allegedly a key figure in solving a number of bitcoin exchange hackings that have taken place in the last several years.

U.S. law enforcement sources have long believed Vinnik was the real identity of “WME”—an almost legendary figure one federal agent called “the Keyser Söze of bitcoin money laundering,” referring to the mysterious master criminal in the 1995 movie “The Usual Suspects.” WME is believed to have played a role in the liquidation of bitcoins stolen from exchanges such as Bitcoinica and Bitfloor. Allegedly under the moniker WME, he complained about coins being confiscated from his accounts and also sold “discounted bitcoins” in net forums and on the dark web.

Police sources also confirmed that Vinnik played a role in the disappearance of 650,000 bitcoins hacked from Mt. Gox, once the world’s largest bitcoin exchange between the 2012 and 2014.

Kim Nilsson, a cyber security expert, who has been analyzing the Mt. Gox case for over two years wrote in a long piece published today on the WizSec blog, “Vinnik is our chief suspect for involvement in the Mt.Gox theft (or the laundering of the proceeds thereof). This is the result of years of patient work, and these findings were surely independently uncovered by other investigators as well. Everyone who worked on the case have patiently kept quiet while forwarding findings to law enforcement, so as not to tip suspects off and to maximize the chances of arrests.”

The Daily Beast has also been in touch with law enforcement and avoided referring to “WME” while the investigation was underway, and until the arrest was made.

Get The Beast In Your Inbox!

Daily Digest

Start and finish your day with the top stories from The Daily Beast.

Cheat Sheet

A speedy, smart summary of all the news you need to know (and nothing you don't).

By clicking “Subscribe,” you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason.

Vinnik has also been linked to BTC-e, one of the oldest virtual currency exchanges. According to new research by Google on the proliferation of ransomware, 95 percent of the ransoms paid over the last two years—worth about $25 million—were ultimately cashed out at  BTC-e.

In other words, when cyber criminals have hijacked your computer and forced you to pay them bitcoin to recover your data, BTC-e is where they take your extorted funds and withdraw it in the currency of their choice. The platform has been offline this week since reporting technical issues. BTC-e has long been alleged to have lax standards in processing bitcoin transactions and been favored by criminal elements.

According to the Department of Justice, in an indictment which was unsealed on July 26, BTC-e, founded in 2011, was one of the world’s largest and most widely used digital currency exchanges.  

Since BTC-e’s inception Vinnik and others developed a customer base comprised largely of criminals, according to the indictment. Users were not required to validate their identities, transactions and the source of funds were obscured and anonymized, and the exchange failed to put into place any substantial anti-money laundering processes.

BTC-e allegedly facilitated transactions for cybercriminals worldwide and received the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and drug rings, according to the indictment. BTC-e was used to aid and abet crimes spanning the gamut of computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking. The investigation has revealed that BTC-e received more the $4 billion worth of bitcoin over the course of its operation.

US law enforcement also believes Vinnik received funds from the infamous computer intrusion or “hack” of Mt. Gox—an earlier digital currency exchange that eventually failed, in part due to losses attributable to intrusions.  The bitcoins stolen from the hack of Mt. Gox were laundered through various online exchanges, including BTC-e, and a now defunct digital currency exchange, Tradehill, based in San Francisco.  The indictment alleges that by moving funds through BTC-e, Vinnik sought to conceal and disguise his connection with the loot from the hacking of Mt. Gox and the resulting investigation.

If Vinnik is extradited and tried in the United States, it will shed light on the hacking of Mt. Gox. It could also be an embarrassment to the government of Japan, which arrested the former CEO of Mt. Gox, hoping to make him confess to stealing the 650,000 missing bitcoins which resulted in the company’s bankruptcy, although none of the charges he is facing relate to the hacked bitcoins.

—with additional reporting by Kevin Poulsen and Nathalie-Kyokyo Stucky

Editor’s Note: A spokesperson for WebMoney contacted The Daily Beast and stated, "WebMoney Transfer (www.wmtransfer.com) operates strictly under government control in accordance with current legislation... Moreover WebMoney wasn`t used at BTC-e. We are always ready to cooperate in identifying illegal activity.” Please see their website for further details on their compliance program.