How could a Russian launder $4 billion worth of bitcoins?

Alexander Vinnik, suspected of running a money laundering operation.

Alexander Vinnik, suspected of running a money laundering operation.

Reuters
Creating an international scheme to legalize stolen money, bankrupting a large cryptocurrency exchange, helping hackers and drug dealers for seven years - all this, according to the U.S. authorities - was done by a Russian who owned a popular Bitcoin exchange.

The Greek resort of Halkidiki. A five-star hotel. Russian citizen Alexander Vinnik, 38, on holiday with his family.  A cool sea breeze flowing in through the window. And a line of special agents bursting through the door.

That was July 25 and the FBI confronted Vinnik with a long list of alleged crimes: Drug trafficking, involvement in a criminal gang, and the small matter of laundering $4 billion of bitcoins.

Thought to be the owner of BTC-e, one of the largest cryptocurrency exchanges in Russia (an Internet exchange platform), the authorities accuse Vinnik of using it for “cleaning” stolen money. According to investigators, it all began in 2011 when he opened the exchange and money stolen from competitors was stashed in its accounts.

What is known about Vinnik's shady cryptocurrency exchange

At the beginning of 2016, cryptocurrencies in Russia were not welcomed by the government, however, in November last year the currency was “not illegal” in the country. Back then little was publicly known about the owners of BTC-e. People just spoke of two administrators cum programmers named Alexander and Alexei who worked in Skolkovo (Russia's equivalent of Silicon Valley).

However, the BTC-e platform was one of the main cryptocurrencies for Russians and was in the world’s top ten in terms of trade volume. After being blocked by the authorities it quickly obtained "mirrors" (duplicate servers) and managed to hold on to the majority of its users.

Millions of dollars a day circulated through BTC-2, says Alexei Bragin, a member of the Blockchain. Community board of directors and technical director at the Safello Exchange. In Russia, cryptocurrencies - bitcoins in particular - were associated with drugs, pornography, and arms trafficking, which is why those who created such platforms chose to remain anonymous.

"With time the market was legalized, but the founders of BTC-e remained in the shadows, which is not a good sign," notes Bragin. In his words, the platform had a good reputation in the business world and large companies used it, "but this exchange always worked in the gray zone and it didn't have any permits to conduct financial activity."

Representatives of the sector said that the exchange is registered in Cyprus, its servers in Bulgaria, and several banks are involved in operations, one of which is in the Czech Republic.

Alexander Vinnik, suspected of running a money laundering operation, is escorted by a plain-clothes police officer to a court in Thessaloniki, July 26, 2017.  / ReutersAlexander Vinnik, suspected of running a money laundering operation, is escorted by a plain-clothes police officer to a court in Thessaloniki, July 26, 2017. / Reuters

Why did the accused prefer Bitcoin?

Shady markets have a demand for Bitcoin, the most popular virtual currency in the world, which is why it’s associated with criminality. But in several European countries, or in Japan for example, it’s absolutely legal (for now this does not concern Russia, because cryptocurrencies do not have a legislative basis).

Cryptocurrencies appeal because mediators (banks and brokers) are cut out of transactions. The transfer from one wallet to another also remains anonymous. Today one bitcoin is worth about $2,800 [at the time of writing].

How did Vinnik do it?

The U.S. Department of Justice believes that Vinnik's criminal career kicked off in 2011, when he established the exchange and the Mt. Gox rival exchange, based in Japan, began selling money. For several years, hackers regularly found a way into the electronic wallets of private individuals and organizations at Mt. Gox, until the largest exchange in the world (up to 70 percent of all operations in cryptocurrency) filed for bankruptcy.

As a group of investigators from WizSec (Bitcoin Security Specialists) was able to find out, the key figure behind these thefts was Russian Alexander Vinnik. The group analyzed the transactions and noticed that the stolen money (including money from other exchanges) had wound up in his so-called e-wallet. “After the coins entered Vinnik's wallet, most were moved to BTC-e and presumably sold off or laundered,” said the investigators.

What now?

“To be clear, this investigation has found evidence to identify Vinnik as a money launderer, not a thief,” WizSec believes. It has given all the information to the U.S. special services.

Now Vinnik risks being extradited to America, sentenced to 20 years in prison, and hit with a $500,000 fine. The Russian denies all accusations while BTC-e is temporarily not working. The exchange's twitter says that restoration work will be conducted for five to 10 days.

Cryptocurrency fraud is still a unique story: "Recently there have been cases involving the illegal removal of money from companies with good reputations that collect money from investors for developing their projects…. But I'll go as far to say that many of the operations are not related to money laundering. For now we shouldn't say that this type of fraud is very common," says general director of Zecurion Alexander Kovalev.

We talked to WizsSec’s Kim Nilsson, who helped trace the suspect:

Kim Nilsson. / RBTHKim Nilsson. / RBTH

From your company’s report we have learned that Vinnik and his group stole from the MtGox exchange more than once (in 2011, 2012, and 2013). Each time money settled in his own wallet and was later moved to the BTC-e and other exchanges. What was the weak point of Vinnik's scheme?

Depending on how you look at it, it was actually a single theft. MtGox's private keys were compromised once, back in 2011. And they were later given to Vinnik who passed them through his wallets. The weakness was that after he received these bitcoins and laundered them he had to move them out to exchanges for selling and turning them into cash. Not only to BTC-e, but to other exchanges, like MtGox itself. And that left traces that led a trail back to him.

Why did he kept the funds in his own internal storage, and not spread them to other addresses?

To some degree, whenever you use bitcoin, you scatter your funds between different addresses. But unless you're careful, once you start spending them they become connected again. Because you see all the money flowing back to the same place. He definitely was not as cautious as he should have been. Once we learned where the coins coming out of MtGox were going, it was easy to start grouping his addresses together and detecting his entire holdings over time.

As for why he wasn't more careful, I can only speculate. He probably didn't think it was necessary.

When did you find him and begin to track his activity?

I've been looking into the case since 2014. But it wasn't until 2015 or early 2016 that my investigation focused more on identifying those coins going out of MtGox. For the last year or so I've been aware of this evidence that implicates Vinnik and the scheme. It felt important not to go public too soon, it was better to keep investigating and making sure. And also to avoid tipping anyone off.

How did you connect his nickname to his real name?

He actually used his real name online, which is a gap in security. I saw his name quite a while back but I assumed it was actually an alias since I didn't consider the possibility he would use his real name. Only after his arrest did I realize it was actually his real name.

What was his role in this scheme? Is he a thief, a hacker, a man whose function is only to "launder" stolen goods, or a mastermind?

Most evidence points to him being a money launderer. But thinking a little bit beyond that, if you are a money launderer receiving these large amounts of money from thieves you have to have some sort of established relationship with them. So I think that's going to be next couple of steps to sort out directly - how closely he worked with various hackers and was he directly involved with the thefts himself.

Is this type of fraud - laundering through bitcoins - now widespread?

I actually think it's been widespread for a few years now. Even going back to when this theft started in 2011 - it was a significant chunk of cryptocurrency activity - moving funds in a way that does not involve moving them through traditional banking systems. In the years that have followed, the exchange rate of Bitcoin has increased dramatically and now it's worth a lot of money, which has attracted even more attention from current criminal elements.

Could these events influence the course of the cryptocurrency?

Not as much as you might think. I think Bitcoin would have been on the same path regardless of whether this happened. It might have had an effect on price to some degree, because all of the funds that moved through this money laundering network were being sold back into the market. Maybe it was pushing the price down. Maybe after removing criminal elements from this market we will see prices increase. 

Read more: From art theft to serial killings: 5 major Russian crimes that were solved

If using any of Russia Beyond's content, partly or in full, always provide an active hyperlink to the original material.

We've got more than 1,8 million followers on Facebook. Join them!

This website uses cookies. Click here to find out more.

Accept cookies