Risk
1/28/2014
12:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Feds Arrest Bitcoin Celebrity In Money Laundering Case

Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.

9 Notorious Hackers Of 2013
9 Notorious Hackers Of 2013
(Click image for larger view and for slideshow.)

The Department of Justice shocked the Bitcoin world Monday when it announced the arrest of Charlie Shrem, a well-known figure in the community, on charges that he helped launder more than $1 million for users of the notorious illegal products and services "darknet" marketplace known as Silk Road.

Shrem (a.k.a. Yankee), 24, was arrested Sunday at New York's JFK Airport. He formerly served as the CEO and compliance officer of BitInstant, a Bitcoin exchange company, which operated from Dec. 2011 to Oct. 2013. The firm, which employed 16 people before closing, enjoyed a measure of notoriety, with Shrem appearing on the cover of BusinessWeek in April 2013 in a "Meet the Bitcoin Millionaires" feature. In May 2013, Cameron and Tyler Winklevoss announced that in late 2012, they'd invested $1.5 million into the company.

According to a criminal indictment filed Friday and unsealed Monday, Shrem provided illegal bitcoin-exchange services to Robert M. Faiella (a.k.a. "BTCKing"), 52, who ran a Bitcoin exchange on Silk Road, which was reachable only via the Tor anonymizing network. Faiella was arrested Monday.

"Both defendants are charged with knowingly contributing to and facilitating anonymous drug sales [and] earning substantial profits along the way," James J. Hunt, the Drug Enforcement Agency's acting special-agent-in-charge, said in a statement.

[Are Bitcoins the currency of the future, or too risky to catch on? Read 7 Reasons Why Bitcoin Attacks Will Continue. ]

According to the indictment, operating under the username 'BTCKing,' Faiella sold bitcoins -- the only form of payment accepted on Silk Road -- to users seeking to make drug buys on the site. Faiella allegedly used BitInstant to fulfill his bitcoin purchases, with the exchange firm earning a commission on each purchase.

Shrem allowed buyers, including Faiella, to use BitInstant pay cash for bitcoins without verifying their identity, despite federal regulations forbidding that practice for any deposits involving $3,000 or more. Faiella reportedly then sold those bitcoins on Silk Road at a 9% markup.

In a statement issued Monday, the Winklevosses disavowed any knowledge of the money laundering that allegedly occurred via BitInstant. "When we invested in BitInstant in the fall of 2012, its management made a commitment to us that they would abide by all applicable laws -- including money laundering laws -- and we expected nothing less," they said, noting that the company itself hadn't been named as a target in the indictment.

Indeed, to date the investigation appears to be focused solely on Faiella and Shrem. Shrem helped found and serves as vice chairman of the Bitcoin Foundation, which helps promote the cryptographic currency. According to Shrem's biography on the foundation's website, he "found the need for a more secure, fast and convenient way of transferring funds between and within payment networks around the world." As the CEO of BitInstant, the site reads, Shrem "led the firm through the complex compliance, licensing, and regulations of the worldwide banking system."

But the Department of Justice accused Shrem and Faiella of flouting those regulations. According to the indictment, Shrem's bitcoin-exchange firm serviced BTCKing's bitcoin buying, "which involved the transportation and transmission of funds known to Shrem to have been intended to be used to promote and support the unlawful ... operation of an unlicensed money transmitting business on 'Silk Road,'" as well as narcotics trafficking.

Shrem was also charged with failing to file any suspicious activity reports with the Treasury Department's Financial Crimes Enforcement Network, with which BitInstant was registered as a licensed money services business. Authorities said Shrem's oversights weren't accidental. According to the indictment, by Jan. 17, 2012, Shrem knew that BTCKing was reselling bitcoins via Silk Road. "Shrem first purported to ban BTCKing from doing business with the company, copying the cash processor and Shrem's business partner ... on the message," it said. "However, Shrem thereafter wrote to BTCKing privately with a different message, advising him how to continue using the company's services surreptitiously."

The business partner referred to in the indictment -- never by name -- is UK-based Gareth Nelson, who helped found BitInstant. He's quoted several times in the indictment requesting that Shrem ban BTCKing's email address, along with several other email addresses that the same person appeared to be using, "because so many of his transactions smell like fraud or money laundering."

According to the indictment, Shrem was himself intimately familiar with the services provided by Silk Road. "Wow, silk road really works," Shrem allegedly wrote in an online chat with an unnamed party, reporting that he'd just used the site to successfully receive a shipment of marijuana brownies.

Both Faiella and Shrem now face up to 20 years in prison on a charge of conspiracy to commit money laundering, as well as another five years for operating an unlicensed money transmitting business. Shrem has also been charged with purposefully failing to file a suspicious activity report, which carries a maximum sentence of five years.

Having a wealth of data is a good thing -- if you can make sense of it. Most companies are challenged with aggregating and analyzing the plethora of data being generated by their security applications and devices. This Dark Reading report, How Existing Security Data Can Help ID Potential Attacks, recommends how to effectively leverage security data in order to make informed decisions and spot areas of vulnerability. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.