OCR of the Document | National Security Archive

-FI- DJ 4 0 5 43- 232 BRIAN J STRETCH CAEN 163973 2 2% United States Attorney 0_ 22 Ha 9 BARBARA J VALLIERE DCBN 439353 42 2 4 Chief Criminal Division L219 – 6 WIT FRENTZEN LABN 24421 5 Assistant United States Attorney 450 Golden Gate Avenue Box 36055 San Francisco California 94102-3495 Telephone 415 436-6959 415 436 7234 SEALED BY GOUHT QHQEH Attorneys for the United States – UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DIVISION UNITED STATES OF AMERICA CASE NO CR 15-00227 SI Plainti UNITED MOTION To SEAL SUPERSEDING ARREST v WARRANTS ORDER CANTON BUSINESS 3 CORPORATION UNDER SEAL and 3 AIM ER VINNIK Defendants I MOTION TO SEAL kooeummh’mwu NThe United States hereby moves the Court for an order sealing this Motion and Order Arrest Warrants and the Superseding Indictment The government believes that if the defendants are made aware of these documents before they are arrested that they may make e orts to avoid being arrested Date January 12 2017 Respectfully Submitted BRIAN T STRETCH United States Attorney WEELAM FRENTZEN Assistant United States Attorney Fri memes omen Based upon the foregoing request the Court hereby ORDERS that this Motion and Order Arrest Warrants and the Superseding lndictrnent shall he led and kept under sea by the clerk of the Court tmtil irther order of the Court The Court hereby ntherlORDERS that any representative of the llUnited States Attorney s O ce or the Internal Revenue Service shall be allowed to obtain a copy of the Superseding Indictment without further order of the Comt Hort SALLIE KIM UNITED STATES JUDGE Dated January 2017 MOTION To SEAL – Hm’teh gnome Eiettirt Qfourt FOR THE NORTHERN DISTRICT OF 50 – I VENUE SAN FRANCISCO 7 015% 5- 38 Hnui’ UNITED STATES OF AMERICA SEALED V- BY SHEER ag W BTC-E AIKIA CANTON BUSINESS CORPORATION and ALEXANDER VINNIK DEFENDANHS SUPERSEDING INDICTMENT 1E U S C 1960 – Operation of en Unlicensed Money Service Business 13 U S C 195601 – Conspiracy to Commit Money Laundering 13 U S C – Money Laundering 13 U S C 1957 – Unlawful Monetary Transactions and 13 U S C – Criminal Forfeiture A true hill Filed in open court this day of fan WM 20 7 N0 – Clerk – Bu Erna Foreman AD 95 Rev DEFENDANT INFORMATION RELATIVE TO INFORMAHON INDICTMENT SUPERSEDING av El COMPLAINT A CRIMINAL ACTION – IN U S DISTRICT COURT Name of District Court andror JudgelMagistrate Location NORTHERN DISTRICT OF CALIFORNIA this personrproceeding Is transferred from another district OFFENSE CHARGED SAN FRANCISCO DIVISION use 5 1960- Operation ofen Unlicensed Money Service Petty Business 13 U S C – Conspiracy to Commit Money Laundering Laundering 1 WW r DEFENDANT – u s 13 uses 1957 – Unlawful Monetary Tran sections and Misde- Isustc Forfeiture meenor ETC-E WA CANTON BUSINES COHWON DISTRICT NUMBER PENALTY Please see attachment – on 16 00227 5 0 BY 490 3266GHBER 53 9 PROCEEDING IS NOT IN CUSTODY o cga f Has not been arrested pending outcom rooeeding Name of Compialntant Agency or Person a Title If any 1 It not detained give date any prior Intern at Revenue Service summons was served on above charges person to awaiting trial in another Federal or State Court 2 Is a Fugitive give name of court 3 Is on Ball or Release from show District per circle one 2D 21 or 40 Show District – IS IN CUSTODY 4 On this charge this is a represecution of charges previousiv dismissed 5 On another conviction which were dismissed on motion SHOW Federal State of DOCKET NO 5 To HEY DEFENSE Awaiting trial on other charges CI If answer to 6 Is Yes show name of institution this prosecution relates to a – pending case involving this same Hes detainer Yes Entire defendant MAGISTRATE been led CI No led CASE NO pn or proceedings or appearancets DATE OF Mon Daerear before us Magistrate regarding this ARREST defendant were Wide mar IrAnosIIng Agency at Wenant were not Name and Of ce of Person DATE TRANSFERRED Monthr’Dainear FumIShing Information on this form BRIAN I STRETCH TO U3 CUSTODY U3 Attorney 1 Other U S Agency Name of Assistant U S This report amends A0 25 previoust submitted Attorney If assigned WILLIAM FHENTZEN ADDITIONAL INFORMATION OR COMMENTS PROCESS El summons no WARRANT It Summons complete following Arraignment Initial Appearance Defendant Address Comments Ball Amount More defendant previoushr apprehended on compteint no new summons or warrant needed since Magistrate has scheduled arraignment Daten’irne Before Judge ATTACHMENT TO PENALTY SHEET AIKIA CANTON BUSINESS CORPORATION COUNT ONE 18 U 1960 – Operation of an Unlicensed Money Service Business 5 years imprisonment COUNT TWO 13 U S C 1956 11 Conspiracy to Commit Money r Laundering Not more than 20 years imprisonment not more than $500 000 ne or twice the value of the property involved in the transaction whichever is greater not more than 3 years of supervised release and a $100 special assessment COUNTS THREE THROUGH 18 U S C 1956 a 1 A i and – I Money Laundering Not more than 20 years imprisonment not more than $500 000 ne or twice the value of the property involved in the transaction whichever is greater not more than 3 years of supervised release and a $100 special assessment COUNTS TWENTY THROUGH TWENTY-ONE 13 U S C 1957 Engaging in Unlawful Monetary Transactions Not more than 10 years imprisonment not more than $500 000 ne or twice the value of the property involved in the transaction whichever is greater not more than 3 years of supervised release and a $100 special assessment FORFEITURB ALLEGATION 13 use 982 a 1 Criminal Forfeiture Ao 2’s Rev one I DEFENDANT INFORMATION RELATIVE TO A CRIMINAL ACTION – iN U S DISTRICT COURT av El COMPLAINT Ci INDICTMENT suesnseomo OFFENSE CHARGED 18 use a 1960 – Operation ofan Unlicensed Money Service Petlv Business 18 U S C 195tiihi- Conspiracy to Corn Money Laundering is Laundering CI use 5 195 – Unlawful Monetary Transactions and MI is use 5- sexism – Criminal Forfeiture m r Felony PENALTY Please see attachment PROCEEDING Name of Complaintant Agency or Person Title if any lntemal Revenue Service person Is awaiting trial in another Federal or State Court give name of court this personiprooeedlng is iransfemed from another district El per Circle one 20 21 or 40 Show District is a reprosemtion of charges previously dismissed which were dismissed on motion SHOW oi DOCKET NO u s ATronNEv DEFENSE this prosecution relates to a pending case involving this same defendant MAGISTRATE – CASE NO prior proceedings or appearanceis 3 before US Magistrate regarding this defendant were recorded under Name and Cities of Person Furnishing information on this form BRIAN J STRETCH U S Attorney 3 Elmer U S Agency Name of Assistant US -Attomev if assigned WILLIAM FRENTZEN i oneness summons CI N0 WARRANT If Summons complete following Arraignment 3 initial Appearance Defendant Address Comments Name of District Conn andror JudgeiMaglslIate NORTHERN DISTRICT OF CALIFORNIA SAN FRANCISCO DivisroN ALEXANDER viNNiK bgeabe 7 5% COURT NUMBER tting ix 9 J – 6 $94 900 4 4 is 0 DEFENDANT is NOTIN CUSTODY Has not been attested pending outcome this proceeding 1 If not detained give date any prior summons was served on above charges DEFENDANT – U3 2 is a Fugitive 3 is on Bail or Release Item show District IS IN CUSTODY 4 On this charge 5 On another conviction Federal State 6 j Awaiting trial on other charges If ansvver to S is- Yes show name of institution If Yes give date led MonWaniY ear Has detainer Yes been led No DATE OF ARREST if Arresting Agency eWarrant were not DATE TRANsrenneo Montthainear TO u s cusroov ADDITIONAL INFORMATION OR COMMENTS Bail Amount hitters defendant previoosbr apprehended on complaint no new summons or warrant needed since Magistrate has entertained arraignment Datei l lme This report amends A0 25 previoust submitted Before Judge ATTACMNT TO PENALTY SHEET ALEXANDER VINNTK COUNT ONE 18 U S C $1960 Operation of an Unlicensed Money Service Business 5 years imprisonment I COUNT TWO 18 U S C 195601 Conspiracy to Commit Money Laundering Not more than 20 years imprisonment not more than $500 000 ne or twice the value of the property involved in the transaction whichever is greater not more than 3 years of supervised release and a $100 special assessment COUNTS THREE THROUGH NINETEENMoney Laundering Not more than 20 years imprisonment not more than $500 000 ne or twice the value of the property involved in the transaction whichever is greater not more than 3 years of supervised release and a $100 special assessment COUNTS TWENTY THROUGH TWENTY-ONE 18 U S C 1957 Engaging’ in Unlawful Monetary Transactions Not more than 10 years imprisonment not more than $500 000 ne or twice the value of the property involved’ in the transaction whichever is greater not more than 3 years of supervised release and a $100 special assessment 1s U S C 982 a 1 Criminal Forfeiture I 1 BRIAN J STRETCH CABN 163973 9 United States Attomey 25 f 2 2 – 19SEALED 7 BY COURT GREEH 3 UNTIBD STATES DISTRICT COURT 9 NORTHERN DISTRICT OF CALIFORNIA 10 SAN FRANCIS C0 DIVISION 11 1′ UNITED STATES OF AMERICA UNDER SEAL 12 Plain CASE NO 01116-00227 SI 13 V m 13 U S C 1960 Operation ofan Unlicensed Money Service Business 18 U S C 14 ETC-E CANTON BUSINESS 1956 h Conspiracy to Commit Money CORPORATION Laundering 18 U S C 1956 a 1 Money 15 Laundering 18 U S C 1957 Unlawful Monetary and- Transactions 18 DEC 982 a 1 Criminal – 16 Forfeiture AIHANDER VINNIK 17 SAN FRANCISCO 1 Defendants _1s 19 20 – The Grand Jury charges 21 – MRODUCTORY ALLEGATIONS 22 – At all times relevant to this Indictment 23 – I 1 Since at least apprordrnately 2011 through and including the present both dates being approximate and inclusive the defendant operated as one of the world s largest and most widely I 26 used digital currency exchanges Since its inception processed several billion dollars worth of 27 monetary exchanges was an exchange for cybercriminals worldwide and one of the principal – 23 entities used to Murder and liquidate criminal proceeds oru digital cunenoies including Bitcoin to at 1 KDWEJOHLD currencies 1 including US dollars Euros and Rubles At all relevant times the defendant ALEXANDER VINNIK together with individuals knovm and unknown directed and supervised e s operations and nances I 2 was an intemational money-laundering scheme that by virtue of its business model catered to criminals and to cybercziminals in particular Through efforts emerged as one of the principal means by which cvber criminals around the world laundered the proceeds of their illicit activity facilitated crimes including computer hacking and ransomware fraud identity theft tax re md fraud schemes public corruption and drug trafficking 3 laclted basic anti-money laundering controls and policies and as such was attractive to those who desired to conceal criminal proceeds as it made it more dif cult for law enforcement to trace and attribute funds 4- Since its founding received criminal proceeds of numerous computer intrusions and hacking incidents ransomware scams identity theft schemes corrupt public of cials and narcotics distribution rings Among other things accounts received substantial proceeds from the hack of the now-de mct Mt Gox digital currency exchange and also received a substantial portion of the criminal proceeds from one of the largest ransomware schemes 5 As described rrther below the defendants and their ctr-conspirators including those known and unknown to the Grand Jury intentionally created structured and-operated as a criminal business venture one designed to help criminals launder their proceeds and one they themselves used to launder criminal proceeds The defendants thus attracted and maintained a customer ll base that was heavily reliant on criminals 6 Despite doing substantial business in the United States was not registered as a Fiat currency is simply a currency established by government regulation or law e g US Dollars Euros Japanese Yen British Pounds Russian Rubles Chinese RMB etc 2 1 money sendces business with the United States Department of the Treasury s Financial Crimes 2 ii Enforcement Network as federal law requires As described further below had no meaningful anti-money laundering processes in place and lacked an e ‘ectiye anti money laundering program as federal law also requires 7 This was in contrast to other registered digital currency exchanges that through their anti-money laundering programs stroye to avoid having their platforms used for criminal activity Most of those exchanges described their operations down to listing the names photos and backgrounds of their management the location of their businesses and their regulatory compliance policies 10 8 relied on the use of shell’companies and af liate entities that were similarly 11 unregistered with FinCliTN and lacked basic anti-money laundering and Know Your Customercompany CANTON BUSINESS CORPORATION was based in the Seychelles but a iliated with a policies These entities catered to an online and worldwide customer base and electronically muled at currency in and out of own website stated it was located in Bulgaria yet i simultaneously stated it was subject to the laws of Cyprus Meanwhile managing shell 17 Russian phone number and its web domains were registered to shell companies in countries including 18 Singapore the British Virgin Islands France and New Zealand 19 BACKGROUND 20 9 Bitcoin is a form of decentralized convertible digital currency that existed through the 21 use of an online decentralized ledger system 2 Bitcoin is just one of many forms of digital currency 22 There are many others including iitecoin others worldcoin and dogecoin However bitcoin has the 23 largest market capitalization of any present form of decentralized digital currency 24 I 10 While bitcoin mainly exists as an ntemetjbased form of currency it is possible to print 25 out the necessary information and exchange bitcoin via physical medium The currency is not issued 26 – 2 I 2 Since Bitcoin is both a currency and a protocol capitalization differs Accepted practice is to 23 I use Bitcoin singular with an uppercase letter B to label the protocol software and community and i bitcoin with a lowercase letter b to label units of the currency That practice 15 adopted here 3 any government bank or company but rather is generated and controlled through computer so ware operating via a decentralized network To acquire bitcoin a typical user will purchase them from a Bitcoin seller or exchanger- It is also possible to mine bitcoin by verifying other users transactions Bitcoin is just one form of digital currency and there are a signi cant number of other varieties of digital currency I l Bitcoin exchangers typically accept payments of at currency currency which derives its value ‘orn government regulation or law or other convertible digital currencies When a user wishes to purchase bitcoin from an exchanger the user will typically send payment in the form of at currency often via bank wire or ACH or other convertible digital currency to an exchanger for the corresponding quantity of bitcoin based on a fluctuating exchange rate The exchanger often for a commission will then typically attempt to-broker the purchase with another user of the exchange that is trying to sell bitcoin or in some instances will act as the seller itself If the exchanger can place a buyer with a seller then the transaction can be completed Ii 12 When a user acquires bitcoin ownership of the bitcoin is transferred to the user’s bitcoin address The bitcoin address is somewhat analogous to a bank account number and is comprised of a case-sensitive string of letters and numbers amounting to a total of 26 to 35 characters The user can then conduct transactions with other Bitcoin users by transferring bitcoin to their bitcoin addresses via the Internet 13- Little to no personally identi able information about the payer or payee is transmitted in a bitcoin transaction itself Bitcoin transactions occur using a public key and a private key A public key is used to receive bitcoin and a private key is used to allow withdrawals from a bitcoin address- Only the bitcoin address of the receiving party and the sender’s private key are needed to complete the transaction These two keys by themselves rarely re ect any identifying information 14 All bitcoin transactions are recorded on what is known as the blockchain This is essentially a distributed public ledger that keeps track of all bitcoin transactions incoming and outgoing and updates approximately six times per hour The blockchain records every bitcoin address that has eyer received a bitcoin and maintains records of every transaction for each bitcoin address 15 Digital currencies including bitcoin have many known legitimate uses However much 4 it lilce cash bitcoin can be used to facilitate illicit transactions and to launder criminal proceeds given the ease with which bitcoin can be used to move funds with high levels of anonyu ty As is demonstrated herein however in some circumstances bitcoin payments may be effectively traced by analyzing the blockchain OVERVIEW 16 was founded in or about 2011 In the years it operated has served approximately 7 0 000 users worldwide including numerous customers in the United States and customers in the Northern District of California BTC-e-touts itself as a platform for individuals hue-rested in buying and selling bitcoin using an assortment of world currenciesf in other words a digital currency exchange 17 Through the work of VINNIK and others known and unknown to the Grand Jury became one of the primary ways by which cybercriminals around the world transferred laundered and stored the criminal proceeds of their illegal activities U S dollars and Russian rubles were the most equently exchanged at currencies on the platform while Bitcoin and litecoin were the most widely exchanged digital currencies ’13 Because such a signi cant portion of business was derived from suspected criminal activity and given its global reach the scope of the defendants unlaw il conduct was massive A During the relevant timeframe from 20 to December 30 2016 bitcoin addresses associated with BTC- had received over 9 4 million bitcoin Bitcoin s rapidly uctuating exchange rate makes it dif cult to determine the U S Dollar value of this quantity of bitcoin over time However using today s bitcoin exchange rate the total value of bitcoin received by over the course of its operation would be valued at over $9 billion In 2016 alone received over 1 8 million bitcoin valued at over $1 7 billion at today s errchange rate 3 3 This is calculated using the December 30 2016 bitcoin trading value of approximately $9652 per bitcoin Since August 2011 the Blitcoin market price has uctuated item a low of roughly $2 to a high 5 19 Notably the above gures only include bitcoin exchanged on the platform and do not even include the deposits and withdrawals made in other digital currencies such as litecoin nor do these gures take into account well over a billion dollars worth of what is known as code- code enabled a user to send andJor receive at currencies and digital currencies to other users 20 I maintained its servers in the United States The servers were one of the primary ways in which and the defendants effectuated their operations also used many third 9 party companies including companies within the Northern Disnict of California to effectuate their operations and enable them to function 21 At its inception was one of a number of digital currency exchanges It was engaged in the same line of business as other enline digital currency exchanges in existence at the time including Liberty Reserve Liberty Reserve was a Costa Rica-based centralized digital currency service that laundered approximately $6 billion in criminal proceeds It was shuttered in 2013 when its founder and six other individuals were charged with conspiracy to commit money laundering and with operating an unlicensed money transmitting business Liberty Reserve s website was seized by the U3 governnrient 1 22 There was an overlap between many Liberty Reserve users and users itself was a user of Liberty Reserve 23 Another digital currency exchange in operation between 2011 and 2014 was the MTGOX Exchange Gox that was originally founded in San Francisco but ultimately based in Tokyo Japan In 2014 Mt- Gox collapsed having been the target of a series of major intrusions that resulted in thefts totaling several hundred million dollars worth of bitcoin In 2014 Mt Gox led for bankruptcy in of approximately $1200 per bitcoin and has varied dramatically over time 6 1 2 3 4 Japan 24 After the collapse of Liberty Reserve and with the intrusions and accompanying issues that Mt Gox experienced rapidly grew The volume of transactions it performed and its number of users expanded lling the vacuum left by entities like Liberty Reserve and Mt Gox 29- ENTITIES AND INDIVIDUALS CANTON BUSINESS CORPORATION was a shell cOrPOration used as a front for BTC-els Operations Like CANTON was not registered with Financial and other records demonstrate that CANTON was synonymous with VINNIK a Russian national was a primary bene cial owner of nancial accounts Although CANT listed business address was in the Seychelles it operated using a Russian telephone number 30 – VINNIK also operated and controlled multiple accounts including a account known as the bedE account- The account was tied directly to administrator accounts Numerous withdrawals from administrator accounts went directly to bank accounts tied to VINNIK 31 Another such administrator account associated with VINNIK was the Vamnedam 5 account The Varnnedarn account was directly linked to the administrative nancial operational and support accounts accounts to which only those involved in the operations of the enterprise would have had access Proceeds from Well-brow hacks and thefts from bitcoin exchanges and users around the world mded the Vamnedarn account Out of the Vainnedam account large payments were made to accounts associated with VINNIK and others known and unknown to the Grand ‘Jury including a Russian national hereafter referred to as unindicted X who is alleged to have access to the Vamnedarn account ETC-E FUNCTION 32 -To use one created an account by accessing the website A user did not need to provide even the most basic identifying information such as name date of birth address or other identi ers All that reouired was a usemanic password and an email address Unlike 24 legitimate payment processors or digital currency exchangers did not require its users to validate their identity information by providing of cial identification documents given that did not require an identity at all 5 Vainnedam means will not give it to you in Russian 8 33 Thus a user could create a account with nothing morelithan a username and email in address which often bore no relationship to the identity of the actual user Accounts were therefore easily Opened anonymously including by customers in the United States within the Northern District of California- 34- At all times relevant to this Indictment had no anti-money laundering andfor Know-Your -Customer KYO processes and policies in place As discussed above collected I virtually no customer data at all Nor did or its shell companies ever register with or perform these functions on behalf 35 A user could fund a account in numerous different ways One way involved funding the account with at currency that would be converted into digital currency such as bitcoin With at currency a user could initiate a wire transier from a nancial institution made directly for the bene t of to an account at another nancial institution which was routed to a bank account maintained by one of shell or af liated companies 36 Another way involved funding a account with a user s existing digital currency A user with existing digital currency such as bitcoin could fund a account directly via bitcoin deposits BTC-e’users could also purchase code that could he sent and exchanged amongst users code enabled a user to send and or receive at currencies and digital currencies to other users This served as another conduit for money laundering as it allowed customers to withdraw funds from their account and transfer them to other users anonymously 37 business model obscured and anonymiaed transactions and source of uids For example a user could not fund an account by directly transferring money to itself but rather had to wire fluids to one of shells or af liate entities Nor could users withdraw funds ‘orn their accounts directly such as through an ATM withdrawal Instead users were required to make any deposits or withdrawals through the use of third-party exchangers thus enabling to avoid collecting any information about its users through banking transactions or other activity that would leave a centralized nancial paper trail 33 Once a user funded an’account with the user could then do any number of things conduct transactions with other users exchange digital currency into at currency or simply use to store digital currency deposits much like a bank 39 Like other digital currency exchanges charged transaction fees for their services charged a percentage fee every time a user transferred funds held in to another user through the system In addition charged a percentage fee every tithe a user used to exchange digital currency held in a account into fiat currency 6 4D In addition to the fees charged users were charged additional fees hy- each taking a percentage of the funds exchanged These added fees were associated with getting money in and out of the platform through these funding mechanisms mechanisms that obfuscated the true sender of the currency I 41 Those engaged in criminal activity using gravitated to because of the site s lack of anti-money laundering and processes in place that could have them reported to the government Criminals who used to launder funds were also willing to go to the extra trouble of wiring money offshore to entities that operated through shell companies 10 p r hamqasm-bwbd 5590 42 made a series of self serving public statements designed at least in part to de ect the attention of law enforcement and regulators For example despite advertising on their website that require our clients to verify identity by providing sic scanned copy of ID and scanned copy of utility bill or a bank statement which should not be older then sic 6 month Copy should be in good resolution and color this process was not in fact followed As discussed no customer identi cation whatsoever was required to set up accounts including accounts set up by customers in the Northern District of California 43 Lilcewise the website advertised that don’t accept any more international wire transfers from’US Citizens or ‘orn US Bank This too was false Through its elaborate funding mechanisms did in fact knowingly accept wire transfers from banks in the US and made by US citizens CRIMINAL DESIGN 44 As described above system was designed so that criminals could accomplish nancial transactions with anonymity and thereby avoid apprehension by law enforcement hr seizure of funds was in fact thus used extensively for illegal purposes and particularly since the collapse of entities like Mt Gox and Liberty Reserve it functioned as the exchange of choice to convert digital currency like bitcoin to fiat currency for the criminal world especially by those who committed their crimes online 45 The defendants were aware that functioned as a money laundering enterprise Messages on its own forum openly and explicitly re ected some of the criminal activity in which the users on the platform were engaged and how they used to launder funds 46 users established accounts under monikers suggestive oi criminality including monikers such as CocaineCowboys blackhathackers dzkillerhacker and hacker4hire 47 This is not surprising because criminals used to launder criminal proceeds and 11 transfer funds among criminal associates In particular it was used by hacking and computer intrusion rings operating around the world to distribute criminal proceeds of their endeaVors It was also used by rings of identity thieves corrupt public of cials narcotics distribution networks and other criminals 48 ‘In fact some of the largest known purveyors of ransomware used as a means of storing distributing and laundering their criminal proceeds Ransomware is a criminal scheme in which cybercriminals orchestrate the unwanted malicious download of software on an unsuspecting victim computer It works as follows once a victim is infected with the malicious software often by eliciting on a fraudulent email the ransomware will multiple les types on victim machines and ll hold those les for ransom requiring the victim to pay the administrators of the ransomware scheme in order to have their files Victims that pay the ransom are able to their les by using a stand-alone program provided by the ransomware administrators after the ransom payment has been ‘made The method of implemented by the ransomware if properly executed renders it impossible for victims to their les in any other way The most prevalent payment method accepted by current purveyors of ransomware is Ibitcoin 49 One such ransomware scheme was distributed by methods including fraudulent and phishing emails – was one of the most infamous varieties ofransomware and has infected a vast number of computers across the world During the timeframe relevant to this I Indictment the purveyors of deposited and laundered many hundreds of thousands of dollars worth of ransom payments into ‘1 50 So too did a pair ‘of corrupt US federal agents Carl Mark Force and Shaun Bridges use to launder their criminal proceeds Their experience with the criminal underworld taught them that using as opposed to a registered exchange with anti-money laundering policies would maximize their chances of being able to conceal criminal proceeds Each therefore sent several hundred thousand dollars in criminal proceeds derived from crimes ranging om the of government property 12 Mt Gox suffered to extortion to the platform for laundering 51 also seryed as the receptacle and transmitter of criminal funds from a series of well-publicized computer intrusions and resulting thefts including the well publicized thefts from the Japan-based Mt Gox exchange As discussed below a sizable portion of the stolen Mt Gox funds were deposited into accounts controlled owned and operated by and by defendant and others lmown and unlmown to the Grand Jury 52 The Mt Gox exchange was the subject of a series of computer intrusions and resulting thefts between approximately September 2011 and May 2014 in violation of Title 18 United States Code Section1030 a fl Several hundred millions dollars worth of bitcoin was stolen including from numerous customers in the U S and within the Northern District of California After the thefts some approximately 50 0 000 of the bitcoin worth hundreds of millions of dollars stolen from Mt Gox was deposited into wallets at three di erent digital currency exchanges ii Trade Hill another exchange based in San Francisco and back into Mt Gox into a different Mt Gox wallet 53 Of this 530 000 bitcoin 7 300 000 of it was sent directly to three separate accounts Vamnedarn and Petr These accounts were all linked to each other 54 Meanwhile blockchain analysis reveals that the stolen Mt Gox funds that went to Trade Hill and back into the other Mt Gox account were controlled by a user who also controlled a account called At all times relevant to this Indictment defendant VINNIK exercised control over the account 55 The Vamnedar n Grmbit Pet and accounts were each directly linked-to a variety of different administrative accounts accounts for which only administrators andr’or operators would have had access The Vamnedam account was similarly a 7 The amount of bitcoin stolen from Mt Gox accounted for just under half of the total thefts that 13 U1 10 ll 12 56 VINNIK along with others known and unknown controlled and operated the I Vamnedam account Between approximately August 2013 and November 2015 C0- CONSPIRATOR it and identi es linked to VINNIK and to received direct payments ‘om the Vamnedam account to their own personal digital currency accounts at another digital currency Cyprus and Latvia tied to VINNIK and other identities associated with VINNIK and STATUTORY ALLEGATIONS COUNT ONE 18 U S C 1960 Operation of an Unlicensed Money Transmitting Business 57 The factual allegations in paragraphs 1 through 60 are ire alleged and incorporated herein as ifset forth in full 53 Title 18 United States Code Section 1960 makes it a crime to operate an unlicensed 13 ll money transmitting business The term money transmitting includes transferring funds on behalf public by any and all means including but not limited to transfers within this country or to locations abroad by wire check draft facsimile or courier This statute makes’ it a’violation to conduct a money transmitting business if the business is not registered as a money transmitting business with the Secretary of the Treasury as required by a separate statute Title 31 United States Code Section 5330 and federal regulations pursuant to that statute- 59 The regulations Speci cally apply to foreign-based money transmitting businesses doing substantial business in the United States Lee C F R 1022 3 60 From in or about 2011 up to and including in or about May 2016 both dates being approximate and inclusive in the Northern District of California and elsewhere the defendants a lda CANTON BUSINESS CORPORATION and ALEXANDER VINNIK I and others known and unloiown to the Grand Jury lmowingly conducted controlled managed supervised directed and owned all and part of a money transmitting business affecting interstate and foreign commerce i e which failed to comply with the money transmitting business i1 14 exchange Bitstamp These bitcoin were then exchanged into at ciurency and sent to bank accounts in I 500 28′ registration requirements set forth in Title 31 United States Code Section 5330 and the regulations prescribed pursuant to that statute including 31 C F R Sections 5 and 1022 3 80 a t2 and ii otherwise involved the transportation and transmission of funds known to the defendants to have been’derived from a criminal offense and intended to be used to promote and support unlawful activity All in violation of Title 18 United States Code Sections 1960 do 2- COUNT TWO 18 USC 195 6 h Conspiracy to Commit Money Laundering 61 The factual allegations in paragraphsl through 60 are re-alleged and incorporated herein as if set forth in ill I 62 From in or about July 2011 through in or about January 2017 both dates being approximate and inclusive within the Northern District of Oalifornia and elsewhere the defendants allda CANTON BUSINESS CORPORATION and ALEXANDER VINNIK and others known and unknown to the Grand Jury winnmy and knowingly did combine conspire confederate and agree together and with each other to knowingly conduct and attempt to conduct nancial transactions affecting interstate’comruerce and foreign commerce which transactions involved the proceeds of speci ed unlawful activity that is Operation of an unregistered money transmitting business in violation of Titie’18 United States Code Sections 1960 computer hacking and intrusions in violation of Title 18 United States Code Section 1030 identity theft in violation of Title 18 United States Code Section 1028 interstate transportation of stolen property in violation of Title 18 United States Code Section 2314 the of government proceeds and extortion in violation of Title 18 United States Code Sections 641 and 1951 and narcotics traf cking in violation of Title 21 United States Code Section 841 with the intent to promote the carrying on of the Speci ed unlawful activity and that while conducting and attempting to conduct such nancial transactions lcnew that the property involved in the- nancial transactions represented the proceeds of some form of unlawful activity in violation of Title 13 United States Code Section All in violation of Title 18 United States Code Section 1956 h 15 noneqmmh COUNTS THREE THROUGH NINETEEN 18 U S C 1956 a 1 A i and – Money Laundering On or about the dates described below in the Northern District of California and elsewhere the defendant ALEXANDER VINNIK aided and abetted by others known and uni-clown to the Grand 1 ury did knowingly conduct and attempt to conduct the listed nancial transactions affecting interstate and foreign commerce which involved the proceeds of a specified unlawful activity that is accessing a computer in furtherance of fraud in violation of Title 18 United States Code Section 103 and with the intent to proniote the carrying on of said Speci ed unlawful activity and knowtng that the transaction was desrgned tn whole and in part to conceal and disguise the nature location source ownership and proceeds of said speci ed unlawful activity and that while conducting and attempting to conduct such nancial transaction knew that the property involved in the nancial transaction represented the proceeds of some form of unlawful activity- COUNT DATE AMOUNT AMIOUNT TRANSACTION ETC U513 THREE 0112312012 90 BTC $567 00 Transfer into Tradehill FOUR 0112312012 83 BTC $522 07 Transfer of BTC into Tradehill FIVE 0112312012 61 ETC $3 83 69 Transfer into Tradehill SIX 01112412012 91 ETC $573 30 Transfer of BTC into Tradehill SEVEN 0112412012 90 ETC $567 00 Transfer into Tredehill EIGHT 0112412012 99 ETC $623 70 Transfer mto TradEhill NINE 0112412012 533 ETC $3 357 90 Transfer into Tradehill TEN 0112412012 1900 BTC $11 970 00 Tran5f r into Tradehil ELEVEN 0112412012 579 BTC $3 647 70 Transfer into Tradehill TWELVE 0112412012 2 BTC $12 60 Transfer of BTC into Tradehill THIRTEEN 0112712012 1000 BTC $5 290 00 Transfer of BTC into Tradehill FOURTEEN 011 271’2012 1500 BTC $7 935 00 TraJJSfer into Tradehill FIFTEEN 0210112012 1000 BTC $5 820 00 Transfer of BTC into Tradehill I SIXTEEN 021012012 1000 BTC $5 820 00 Transfer of BTC into Tradehill SEVENTEEN 0210512012 3000 BTC $17 040 00 Transfer into Tradehill EIGHTEEN 0210512012 500 ETC $2 340 00 Transfer of BTC into Tradehill NWETEEN 020212012 2000 BT $11 200 00 Transfer into Tradehjll Allin violation of Title 18 United States Code Sections 1956 a 1 151 i and 2 16 COUNTS TWENTY THROUGH TWENTY-ONE 18 1957 Engaging in Unlawful Monetary Transactions On or about the dates described below in the Northern Dishict of California and elsewhere the defendant ALEXANDER aided and abetted by others known and unknown to the Grand Jury did knowingly engage and attempt to engage in the listed monetary transactions by through or to a nancial institution affecting interstate and foreign commerce in criminally derived property of a value greater than $10 000 that is the transactions listed below such property having been derived ‘om a speci ed unlaw il activity that is accessing a computer in of fraud in violation of Title 18 United States Code Section 1030 a 4 and COUNT oars amounr AMOUNT TRANSACTION – ETC USD TWENTY 02 05 2012 3000 BTC $17 040 00 Transfer into mucus TWENTY-ONE 02 12 2012 2000 arc $11 200 00 Transfer into mucus All in violation of Title 18 United States Code Sections 1957 and 2 FORFEITURE AQLEGATION 18 U 3 0 982 a 1 Criminal Forfeiture 63 All of the allegations contained in this Indictment are re-alleged and by this reference fully incorporated herein for the purpose of alleging forfeiture pursuant to the provisions of Title 18 United States Code Section 932 a 1 64 Upon a conviction for any of the offenses alleged in this Indictment the defendants a da CANTON BUSINESS CORPORATION and ALEXANDER VINNIK shall forfeit to the United States pursuant to 13 U S C i982 a 1 any property real or personal involved in those o ‘enses or any property traceable to such o ‘enses including but not limited to a forfeiture money judgment ’13 00 4 Ch U1 LIJ HHb ll ll II il lp ll tl l If any of the aforementioned property as a result of any act or omission of the defendants 3 cannot be located upon the exercise of due diligence b has been transferred or sold to or deposited with a third person 0 has been placed beyond the jurisdiction of the Court d has been substantially diminished in value or e has been eommingled with other property that cannot be divided without dif culty I any and all interest the defendant has in other property shall be vested in the United States and – Allin violation of Title 13 United States Code Section 982 a 1 and Rule 32 2 of the Federal Rules of Criminal Procedure DATED A TRUE BILL r7 1 7 OREPERSON BRIAN J STRETCH United States Attorney BARBARA J VALLIERE Chief Criminal Division Approved as to fonn WILLIAM FRENTZEN HAUN Assistant U S Attorneys INDICTMENT I 13 forfeited to the United States pursuant to 21 U S C 853 1 as incorporated by 18 U S C 9% UNITED STATES DISTRICT COURT 30 3ng NORTHERN DISTRICT OFCAIJF A ORNIA CRIMJNAL COVER SHEET IWM Effective November I 2016 this Criminal Cover Sheet must be completed mzdsubmi ed dong with the Dgfendmr Infomzcnioh Fom for each new Mimi case CASE NAME Canton Business Corpqra on CASE USA V and Vinnik CR 16-0022 SI Is This Case Under hut Yes No Total Number ofiJefeniiants I 8 or more Does this case involve ONLY charges Ya No under 8 U S C 1325 andinr 1326 Venue Per Grim LR 18-1 SF OAK SJ Is this a potential high-cost case Ya his Ya No Is this a RICO Act gang-case Yes Na William Frentzen – Dan- Submitted 01 17am -Comments RESET FORM – SAVE PDF Form WORM-COVER Rev ORIGINAL FILED 7 UNITED STATES DISTRICT COURT DISTRICT OF NEW JERSEY 1 3 1 LEDA DUNN WETTREJ IN THE MATTER OF THE SEARCH OF Mag No 17-8128 INFORMATION ASSOCIATED WITH SERVERS CONTAINING RELATED CONTENT STORED AT THE PREMISES CONTROLLED BY EQUINIX SEALING ORDER Leda Dunn Wettre This matter having been brought before the Court upon application of William E Fitzpatrick Acting United States Attorney for the District of New Jersey Jason S Gould Assistant United States Attorney appearing for an order sealing the search warrant issued on this date and the application and attached Affidavit in support of that warrant and for good cause shown IT IS on this let Day of July 2017 ORDERED that the search warrant the application and affidavit in support of the search warrant and all related documents except for one copy of the search warrant and inventory to be served at the time the search is executed be and hereby are sealed until further Order of this Court Dawn 70% Hon Leda Dunn Wettre United States Magistrate Judge                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu