The US Department of Justice (DOJ) and the US Department of the Treasury announced Wednesday that they had imposed criminal charges and financial sanctions on two Russian nationals for their involvement in a phishing campaign. The two men were accused of stealing almost $17 million worth of cryptocurrency in a series of phishing attacks in 2017 and 2018.
Danil Potekhin and Dmitrii Karasavidi allegedly created web domains that mimicked legitimate ones, a technique called “spoofing,” to obtain the login credentials of users. They spoofed the websites of popular cryptocurrency exchanges such as Binance, Gemini, and Poloniex.
After obtaining users’ login credentials, Potekhin and Karasavidi were able to steal at least $16.8 million by, among other methods, using exchange accounts under fictitious identities, market manipulation, and laundering. The stolen money was ultimately traced to Karasavidi’s account, and it was seized by the US Secret Service.
The Treasury Department announced Wednesday that, pursuant to Executive Order 13694, it had sanctioned Potekhin and Karasavidi for their involvement in the phishing campaign. The DOJ also unsealed indictments against Potekhin and Karasavidi on Wednesday.
On the Treasury Department’s action, Secretary Steven Mnuchin stated:
The individuals who administered this scheme defrauded American citizens, businesses, and others by deceiving them and stealing virtual currency from their accounts. The Treasury Department will continue to use our authorities to target cybercriminals and remains committed to the safe and secure use of emerging technologies in the financial sector.