Malware gang steals $1.4 Million and sets up bitcoin exchange to launder it

Four men used malware to steal from 150 bank accounts and created a bitcoin exchange to launder the loot.

Oct 30, 2013 at 11:21 p.m. UTC
Updated Sep 2, 2021 at 11:21 a.m. UTC

Last week, four men were arrested in the Netherlands for spreading a type of malware that allowed them to obtain Dutch bank account information. They used a bitcoin exchange to launder some of the $1.4 million that was stolen from approximately 150 bank accounts.

The malware, known as TorRAT, targeted only Dutch speakers. TorRAT used the anonymizing network Tor to reach its command and control (C&C) servers. The men also paid for a Turkish crypting service to circumvent antivirus software and used the hosted tormail.org service to communicate.

Once the malicious software was able to obtain financial information from its victims, the four suspects would then steal money from the bank accounts. They then used a bitcoin exchange that they set up called FBTC Exchange in order to launder some of the stolen cash into euros.

According to the Bitcoin Wiki, FBTC Exchange was launched on June 25, 2013. The site is no longer in operation, and trading has been halted since October 21. The past 6-month volume on FBTC Exchange was 9,007.55 BTC or €743,792.67, according to Bitcoin Charts.

The police reportedly seized 56 bitcoins from the men, and they were able to exchange them for more than €7,700, or $10,000.

The men were arrested by the Dutch National High Tech Crime Unit (NHTCU). InformationWeek reports that it is possible the men were uncovered by the FBI during its investigation of Silk Road mastermind Ross Ulbricht.

And much like Tor enabled the accused Dutch thieves, Silk Road also relied on the anonymous network in order to hide its users' identities and enable illegal activity. The FBI has reportedly seized hundreds of thousands of bitcoins from bitcoin wallets owned by Ulbricht, a 29-year-old graduate student who was operating Silk Road from a residence in San Francisco.

The stated plan, an FBI spokesperson told Forbes, is to sell the seized bitcoins, which would eventually dump a large number of bitcoins back on the market. Yet it's questionable whether the feds currently have the access they need to sell them.

It was ultimately the reliance on third parties that likely got the TorRAT suspects arrested, according to Trend Micro.

"Buying a service from a crypting service, using tormail.org, and recruiting and abusing money mules puts cybercriminals at risk of getting caught. A single error can lead to the unraveling of the whole cybercrime operation. Tor offers a high degree of anonymity, but Tor tools are not immune to data leaks," says the Trend Micro post on the subject of TorRAT.

And although the use of bitcoin exchanges as a tool for criminal activity is not good, government intervention will not help, according to Tuur Demeester, a bitcoin expert and investor.

"It's an illusion to believe that 'a war on fraud' in the exchange sector will make the problem go away," he said.

"I think making the cost-benefit analysis, educating bitcoin users about the importance of security and the dangers of fraud will go a much longer way than creating ever more bureaucratic hoops for legitimate entrepreneurs to jump through."

Disclosure

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.