The FBI arrested a Russian rapper living in Miami for cryptocurrency money laundering. Everyone has heard of money laundering but cryptocurrency laundering is a thing too.
Last week Maksim Boiko, a/k/a Maxim Boyko, a/k/a Gangass, was arrested by federal agents in Miami. He had reportedly been in the United States since January. The FBI filed felony money laundering charges on March 27th.
We obtained FBI Special Agent Samantha Shelnick’s affidavit detailing the government’s complaint from court officials in Pittsburgh.
S.A. Shelnick says she investigates “computer intrusion and computer-related financial fraud” cases. She says 29-year-old Boiko is a Russian rapper who came to the U.S. in January. When he came into the U.S. he was carrying $20,000 in cash. Shelnick says his Instagram account shows photos of him holding large amounts of U.S. and foreign currencies.
Although possession of large amounts of cash isn’t illegal, money laundering is. The FBI says Boiko is tied to the email account plinoffical@ me.com. They say that account was used to open an account at BTC-e in 2017. BTC-e was a virtual currency exchange that was seized by the feds in connection with the exchange of criminally derived funds. When the feds seized the exchange’s website, they were able to trace deposits of $387,694 into Boiko’s account at BTC-e.
The Plot Thickens – “I Got You Bro!”
The FBI now says that they believe Boiko was “money laundering for a significant cybercriminal known by the online moniker ‘Moneybooster’ by providing Moneybooster with a foreign bank account for the purpose of receiving funds attempted to be stolen from U.S. victims of cybercrime.”
On March 20, 2017, “Moneybooster” had a chat with gangass@ exploit.im, believed to be Boiko. Moneybooster asked Boiko for a corporate account “that could receive a wire of about ‘200-300k.’”
Within minutes, Boiko responded by providing an account at the Bank of China registered to a company in Hong Kong. “After receiving the information, ‘Moneybooster’… informed gangass [Boiko] that ‘I’ve sent around 300k.’”
Boiko allegedly responded, “[g]ot you, bro!”
That transaction failed but the feds say that a simultaneous transfer was attempted from a victim in California to the same account. The transaction thankfully was stopped by an alert bank employee at Chase who thought the transfer looked suspicious.
In other examples allegedly tied to Boyko, the feds say that in October 2017, a fraudulent wire in the amount of $98,780 was initiated from a New York-based religious institution’s Chase bank account to an offshore account. Chase stopped the wire before it left the bank and the church suffered no loss. But in another exchange that month the FBI obtained chats on a phone where one party says, “[h]oly shit you did, you transferred it. You’re like a wizard.”
A Money Laundering Ring for Cybercriminals?
The FBI’s Pittsburgh field office claims it has been investigating a transnational organized crime ring that uses the name QQAAZZ. They say this ring launders money for cybercriminals. Supposedly QQAAZZ maintains “hundreds of bank accounts at financial institutions in numerous countries throughout the world, including the United Kingdom, Portugal, Spain, Germany, Belgium, Turkey and the Netherlands.”
To open corporate bank accounts, QQAAZZ members registered dozens of shell companies that conducted no legitimate business activity. Using the corporate registration documents, QQAAZZ members then opened corporate bank accounts in the names of the shell companies at numerous financial institutions within each country.
The group is so brazen that Agent Shelnick claims it openly advertises its money laundering services, albeit on the dark web. “QQAAZZ advertises its cash-out and money laundering services on exclusive, underground, Russian-speaking, online cybercriminal forums, including Mazafaka and Verified. In one post QQAAZZ advertised, ‘a global, complicit bank drops service.’”
The FBI says cybercriminals use malware to hack into people’s computers. Once there, they use login information found on the computers to wire money. Wires into corporate accounts receive less scrutiny. That is where QQAAZZ services come in. The FBI says that the organization will launder the money into offshore shell accounts in exchange for a fee of between 40% and 50% of the proceeds. (**An excerpt of Special Agent Shelnick’s affidavit detailing how the scheme works appears at the end of this post.)
Overall, the FBI says that QQAAZZ has helped launder tens of millions of dollars in stolen funds including money laundering through cryptocurrency exchanges and accounts.
Cryptocurrency Money Laundering, Fraud Recovery and Whistleblower Rewards
Cryptocurrency fraud and cyberhacking are relatively new. The technology used by fraudsters often evolves faster than law enforcement’s response.
The fraud recovery lawyers at Mahany Law concentrate on helping victims of fraud get back their losses from cyberhacking. If your accounts were hacked and money transferred offshore, we probably can’t get it back. But sometimes we can hold third parties responsible for those losses.
We also help whistleblowers with information about phony cryptocurrency ICOs collect rewards for stepping forward and reporting the scam.
To learn more, visit our ICO and cryptocurrency fraud recovery page. We also help with cybersecurity whistleblower rewards.
Ready to speak with someone? We can be reached online, by email or by phone at 202-800-9791. Fraud recovery services provided nationwide. Whistleblower cases handled worldwide. All inquiries are protected by the attorney-client privilege and kept strictly confidential.
**Details from Special Agent Shelnick on how the QQAAZZ scam works:
QQAAZZ’s service generally operated in the following manner:
(a) cybercriminals with unauthorized access to a victim’s bank account contacted QQAAZZ via Jabber, a secure online instant messaging software, seeking a recipient bank account to which the cybercriminal could send the victim’s stolen funds via electronic funds transfer;
(b) QQAAZZ provided the cybercriminal with the details of the specific bank account designated to receive the stolen funds;
(c) the cybercriminal initiated, or attempted to initiate, an electronic funds transfer from the victim’s bank account to the recipient account provided and controlled by QQAAZZ;
(d) QQAAZZ received the stolen funds in its recipient bank account;
(e) QQAAZZ withdrew (i.e., “cashed-out”) the funds, transferred the funds to other QQAAZZ-controlled bank accounts for withdrawal, or transferred the funds to illicit “tumbling” services where the funds were converted to cryptocurrency;
(f) QQAAZZ returned the stolen funds to the cybercriminal minus QQAAZZ’s fee, which was typically between 40 to 50 percent of the total amount of stolen funds.