Justice Dept. sues crypto exchange for laundering ransom funds

Daniel Uria
Hundreds of thousands of dollars worth of ransom payments have been made in recent weeks by cities targeted by digital hijackers. File Photo by MilousSK/Shutterstock
Hundreds of thousands of dollars worth of ransom payments have been made in recent weeks by cities targeted by digital hijackers. File Photo by MilousSK/Shutterstock

Aug. 2 (UPI) -- The U.S. Department of Justice has filed a civil lawsuit against a cryptocurrency exchange and one of its owners, saying they laundered ransom funds collected through cyberattacks and other illicit activity.

The suit, filed last week in the Northern District of California, seeks more than $100 million in penalties from the Russia-based digital currency exchange BTC-e and Alexander Vinnik, one of its chief owners and operators.


Prosecutors said Vinnik and BTC-e are charged with failing to register with the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) as a Money Services Business, establish anti-money laundering programs and procedures or file suspicious activity reports.

The Justice Department said BTC-e laundered criminal proceeds of more than $4 billion and the platform was eventually shut down. Vinnik was arrested and jailed in Greece. The United States has requested extradition to California, one of several locations where prosecutors say BTC-e operated.

RELATED Head of Facebook Libra grilled by skeptical Senate lawmakers

The lawsuit seeks to collect on fines levied two years ago by FinCEN -- $88.5 million for BTC-e and $12 million for Vinnik, both for violating the U.S. Bank Secrecy Act.

Authorities say hackers commonly demand ransomware payments of bitcoin or other cryptocurrencies in exchange for releasing hijacked files or computer systems. Experts say it's easier to transfer and hackers expect they're more likely to get away with stealing bitcoin, for example, than cash.

The federal lawsuit comes at a time of spiking ransomware attacks in the United States. Several U.S. cities have been hit with ransomware attacks this year, including Baltimore and Greenville, N.C., in May and two in Florida in June. The Florida cities, Riviera Beach and Lake City, agreed to pay the ransom -- more than $1 million in bitcoin, collectively. The Georgia state court system was also targeted.

RELATED Bitcoin shows its wild streak within minutes Wednesday

Generally, the FBI and cybersecurity experts advise targets not to pay the ransom -- mainly because it sets a dangerous precedent that encourages future attacks. Also, there's no guarantee the payment will successfully return the hijacked files.

Lake City said 100 years worth of city files were taken in its hijacking, and it's not yet clear if they'll be returned -- and it paid the $460,000 ransom. City clerk Audrey Sikes told The New York Times the attack put the town back "years and years."

Baltimore, which did not comply with the hackers' demand, has paid in another fashion -- nearly $20 million to recover from its attack. In Georgia, as a precaution, part of the state court system was taken offline last month in Atlanta -- a year after the city paid about $17 million to recover from an intrusion. The state's public safety department was also hit last week, and shut down systems and restricted access to certain resources, like email for public records.

RELATED Ransom hackers hit Georgia courts after cities pay $1M

Louisiana Gov. John Bel Edwards issued a statewide state of emergency last week after a cyberattack hit school systems in the northern parishes of Sabine Morehouse and Ouachita. A similar attack in New York targeted the Syracuse City School District and Onondaga County Library system.

Authorities are still investigating the attacks and are not yet sure if all -- or any -- are connected.

Latest Headlines