Risk
1/28/2014
12:50 PM
50%
50%

Feds Arrest Bitcoin Celebrity In Money Laundering Case

Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.

9 Notorious Hackers Of 2013
9 Notorious Hackers Of 2013
(Click image for larger view and for slideshow.)

The Department of Justice shocked the Bitcoin world Monday when it announced the arrest of Charlie Shrem, a well-known figure in the community, on charges that he helped launder more than $1 million for users of the notorious illegal products and services "darknet" marketplace known as Silk Road.

Shrem (a.k.a. Yankee), 24, was arrested Sunday at New York's JFK Airport. He formerly served as the CEO and compliance officer of BitInstant, a Bitcoin exchange company, which operated from Dec. 2011 to Oct. 2013. The firm, which employed 16 people before closing, enjoyed a measure of notoriety, with Shrem appearing on the cover of BusinessWeek in April 2013 in a "Meet the Bitcoin Millionaires" feature. In May 2013, Cameron and Tyler Winklevoss announced that in late 2012, they'd invested $1.5 million into the company.

According to a criminal indictment filed Friday and unsealed Monday, Shrem provided illegal bitcoin-exchange services to Robert M. Faiella (a.k.a. "BTCKing"), 52, who ran a Bitcoin exchange on Silk Road, which was reachable only via the Tor anonymizing network. Faiella was arrested Monday.

"Both defendants are charged with knowingly contributing to and facilitating anonymous drug sales [and] earning substantial profits along the way," James J. Hunt, the Drug Enforcement Agency's acting special-agent-in-charge, said in a statement.

[Are Bitcoins the currency of the future, or too risky to catch on? Read 7 Reasons Why Bitcoin Attacks Will Continue. ]

According to the indictment, operating under the username 'BTCKing,' Faiella sold bitcoins -- the only form of payment accepted on Silk Road -- to users seeking to make drug buys on the site. Faiella allegedly used BitInstant to fulfill his bitcoin purchases, with the exchange firm earning a commission on each purchase.

Shrem allowed buyers, including Faiella, to use BitInstant pay cash for bitcoins without verifying their identity, despite federal regulations forbidding that practice for any deposits involving $3,000 or more. Faiella reportedly then sold those bitcoins on Silk Road at a 9% markup.

In a statement issued Monday, the Winklevosses disavowed any knowledge of the money laundering that allegedly occurred via BitInstant. "When we invested in BitInstant in the fall of 2012, its management made a commitment to us that they would abide by all applicable laws -- including money laundering laws -- and we expected nothing less," they said, noting that the company itself hadn't been named as a target in the indictment.

Indeed, to date the investigation appears to be focused solely on Faiella and Shrem. Shrem helped found and serves as vice chairman of the Bitcoin Foundation, which helps promote the cryptographic currency. According to Shrem's biography on the foundation's website, he "found the need for a more secure, fast and convenient way of transferring funds between and within payment networks around the world." As the CEO of BitInstant, the site reads, Shrem "led the firm through the complex compliance, licensing, and regulations of the worldwide banking system."

But the Department of Justice accused Shrem and Faiella of flouting those regulations. According to the indictment, Shrem's bitcoin-exchange firm serviced BTCKing's bitcoin buying, "which involved the transportation and transmission of funds known to Shrem to have been intended to be used to promote and support the unlawful ... operation of an unlicensed money transmitting business on 'Silk Road,'" as well as narcotics trafficking.

Shrem was also charged with failing to file any suspicious activity reports with the Treasury Department's Financial Crimes Enforcement Network, with which BitInstant was registered as a licensed money services business. Authorities said Shrem's oversights weren't accidental. According to the indictment, by Jan. 17, 2012, Shrem knew that BTCKing was reselling bitcoins via Silk Road. "Shrem first purported to ban BTCKing from doing business with the company, copying the cash processor and Shrem's business partner ... on the message," it said. "However, Shrem thereafter wrote to BTCKing privately with a different message, advising him how to continue using the company's services surreptitiously."

The business partner referred to in the indictment -- never by name -- is UK-based Gareth Nelson, who helped found BitInstant. He's quoted several times in the indictment requesting that Shrem ban BTCKing's email address, along with several other email addresses that the same person appeared to be using, "because so many of his transactions smell like fraud or money laundering."

According to the indictment, Shrem was himself intimately familiar with the services provided by Silk Road. "Wow, silk road really works," Shrem allegedly wrote in an online chat with an unnamed party, reporting that he'd just used the site to successfully receive a shipment of marijuana brownies.

Both Faiella and Shrem now face up to 20 years in prison on a charge of conspiracy to commit money laundering, as well as another five years for operating an unlicensed money transmitting business. Shrem has also been charged with purposefully failing to file a suspicious activity report, which carries a maximum sentence of five years.

Having a wealth of data is a good thing -- if you can make sense of it. Most companies are challenged with aggregating and analyzing the plethora of data being generated by their security applications and devices. This Dark Reading report, How Existing Security Data Can Help ID Potential Attacks, recommends how to effectively leverage security data in order to make informed decisions and spot areas of vulnerability. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Mobile Malware Incidents Hit 100% of Businesses
Dawn Kawamoto, Associate Editor, Dark Reading,  11/17/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.