New unsealed court documents shed fresh light on what happened with the massive amounts of bitcoin stolen from Mt. Gox, the bitcoin that was hacked spectacularly starting in 2011.
The two unsealed indictments offer a rare glimpse into the U.S. law enforcement investigations into two of the oldest bitcoin companies, Mt. Gox and BTC-e.
According to the indictment unsealed on Friday, Mt. Gox was hacked not long after the exchange was founded in 2010 by two Russian nationals, Alexander Verner and Alexey Bilyuchenko, as well as their unnamed co-conspirators. With most of its crypto gone, Mt. Gox declared bankruptcy in 2014.
In 2011, Verner and Bilyuchenko got access to the Mt. Gox users’ data and transactions database, along with the private keys for the exchange’s crypto. Between 2011 and 2014, Verner, Bilyuchenko and the unnamed co-conspirators funneled no less than 647,000 bitcoin out of the Mt. Gox wallets, the indictment released this week says.
Fully 300,000 of those coins went to BTC-e, another now-defunct crypto exchange. BTC-e was shut down by the FBI in 2017, and the exchange’s alleged operator, Russian national Alexander Vinnik, was arrested in Greece and later extradited to the U.S. to face charges for “computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials and narcotics distribution rings.”
Bilyuchenko was the administrator of BTC-e, according to the criminal case involving him in Russia. According to his testimony, cited in the book of a Russian investigative journalist Andrey Zakharov, Verner was responsible for technical development of BTC-e. Bilyuchenko was reportedly arrested in Russia in 2019, but the whereabouts of Bilyuchenko and Verner today are not known.
Money trail
A separate indictment unsealed this week shows that Verner and Bilyuchenko transferred the bitcoin they stole from Mt. Gox to BTC-e, TradeHill (another early bitcoin exchange shut down in 2013, according to Investopedia) and their own accounts at Mt. Gox itself.
To liquidate the stolen bitcoin, Verner and Bilyuchenko used U.S. companies, the indictment says, though the document does not name particular firms that might have been involved. The investigation report unsealed by the Department of Homeland Security (DHS) this week mentions transactions between BTC-e and BitInstant and Memory Dealers, two early and now-defunct bitcoin companies.
Read more: Jeff Wilser – The Legacy of Mt. Gox – Why Bitcoin’s Greatest Hack Still MattersBitInstant was a crypto exchange founded by Charlie Shrem, who in 2014 was sentenced to two years in prison for money laundering charges. Memory Dealers was a bitcoin-friendly computer hardware vendor run by Roger Ver, the founding father of the Bitcoin Cash cryptocurrency.
Between April and November 2013, Verner and Bilyuchenko received $2.5 million from BitInstant and Memory Dealers to a bank account of BTC-e’s shell company, the Seychelles-registered Canton Business Corporation, according to the DHS.
The wire payments from BitInstant and Memory Dealers were labeled as an “Internet Advertisement Agreement,” but BTC-e did not provide any advertising services to BitInstant or Memory Dealers, the investigators found. The BTC-e operators would also send money from their bitcoin sales through multiple PayPal accounts to conceal their origins, the report says.
From March 2012 to April 2013, a crypto exchange named in Verner and Bilyuchencko’s indictment as “the New York Bitcoin Broker,” sent about $6.6 million to the hackers’ bank accounts in exchange for “credit” on BTC-e. It’s not known what firm that was exactly.
BTC-e also used the Australia-based forex exchange FX Open and U.K.-based Mayzus Financial Services for transactions with fiat money, the documents say.
Unsealing the history of BTC-e
The unsealed indictment also clears the names of several people who previously have been considered by the investigators as Vinnik’s co-conspirators in running BTC-e.
According to the previous version of Vinnik’s indictment filed under seal in 2016, the Department of Justice earlier believed that Vinnik had a co-founder, named Andrey Nikonorov, as well as co-owners of the BTC-e shell company, Seychelles-registered Canton Business Corporation, Alexander Buyanov and Stanislav Golovanov.
However, the new version of Vinnik’s indictment says that Nikonorov, Buyanov and Golovanov actually did not participate in the criminal activities related to BTC-e, but rather, Vinnik used their identities to cover his tracks, the DOJ attorney Ismail Ramsey wrote.
“When conducting business related to BTC-e, Defendant Alexander Vinnik made efforts to
conceal his true identity. This included appropriating the identities of Andrey Nikonorov, Stanislav Golovanov, and Alexander Buyanov,” the document reads.
Andrey Nikonorov, who was also a co-founder of the ZrCoin crypto project, told CoinDesk today he knew Vinnik but was merely a user of BTC-e and provided the exchange with his identifying documents to be able to conduct a bank transfer. He also believes that Vinnik himself was just an employee of BTC-e who did not come across as a wealthy business owner at all.
Russian news outlet RBK talked to Alexander Buyanov for an investigation into BTC-e in 2017, and Buyanov, who was a DJ at a Moscow nightclub at the time, told the outlet he did not know anything about BTC-e before the news of its shutdown and Vinnik’s arrest.
Mt. Gox, Silk Road, Fancy Bear
BTC-e was an exchange powerhouse back in the day, and a big part of its money came from various crimes, the DOJ says. Starting in 2011, the exchange served about 700,000 users and its bitcoin wallet received over 9.4 million BTC before December 2016, the DOJ said.
Users included the ransomware gang CryptoWall and Fancy Bear, the hacker group believed to be sponsored by GRU, Russia’s military intelligence agency. Fancy Bear hacked the computer systems of the Democratic Congressional Campaign Committee and the Democratic National Committee during the 2016 presidential campaign. The hackers used BTC-e for their crypto dealings, as well as two other, unnamed crypto exchanges, according to the blockchain intelligence firm Elliptic.
Other high profile users were Carl Mark Force and Shaun W. Bridges, the two FBI agents convicted for misappropriation of crypto from the Silk Road investigation. The former agents sent “several hundred thousand dollars in criminal proceeds” each to BTC-e, the unsealed indictment for Vinnik reads.
“Their experience with the criminal underworld taught them that using BTC-e, as opposed to a registered exchange with anti-money laundering policies, would maximize their chances of being able to conceal criminal proceeds,” the document says.
Silk Road was a popular darknet marketplace offering a wide range of illicit drugs for purchase with bitcoin. Silk Road was busted by the FBI in 2013, and its founder Ross Ulbricht was sentenced to life in prison in 2015 on charges for narcotics trafficking, money laundering, computer hacking and trafficking fraudulent identity documents.
As the FBI investigated the Silk Road, the two rogue agents saw a chance to make money for themselves. Carl Force offered Ulbricht fake drivers’ licenses, as well as insider information on the government’s investigation into Silk Road, in return for 925 bitcoin, which he received and used for his own benefit, according to a criminal complaint filed under seal in 2015 by then IRS special agent Tigran Gambaryan (now Binance’s head of financial crime compliance).
Bridges, in turn, got access to the wallets containing Silk Road’s treasury while being a part of the FBI’s investigative team, and stole 1,600 bitcoin from those wallets. Force was sentenced to six years in prison 2015; Bridges got two years behind bars in 2017.
Force and Bridges sent their ill-gotten crypto to exchanges CampBX, Bitstamp and Mt.Gox. As for BTC-e, they used it to further cover their tracks, documents show.
Prisoner swap hopes
The new documents come to light as Alexander Vinnik is trying to return to his home country, Russia.
Alexander Vinnik and his lawyer David Rizk convinced the Northern District court of California to unseal more documents in the case as they believe making the case more public will help advocate for Vinnik’s prisoner swap with Russia, according to the court file. Vinnik might be swapped with Evan Gershkovich, the Wall Street Journal reporter detained in Russia under espionage charges, the newspaper wrote in May.
Vinnik has spent almost five years in detention abroad. He was first detained in August 2017 in Greece while on vacation with family, then extradited to France and ended up in the Santa Rita prison in the U.S. in August 2022.
He faces charges including operation of an unlicensed money services business, conspiracy to commit money laundering, money laundering and engaging in unlawful monetary transactions. If convicted, Vinnik could face a maximum penalty of 55 years in prison.