
Founder Of Crypto Exchange Bitzlato That Laundered Over $700M In Illegal Proceeds Pleads Guilty

Read also: TrickBot dev faces up to 35 years in prison, Platypus hackers walk free in France, and more.

Thursday, December 7, 2023

The founder of crypto exchange Bitzlato favored by cybercriminals pleads guilty

Anatoly Legkodymov, a Russian national, also known as “Anatolii Legkodymov,” “Gandalf,” and “Tolik,” has pleaded guilty to charges related to his ownership and operation of Bitzlato, a cryptocurrency exchange that processed more than $700 million obtained through illicit activities, including ransomware proceeds and money laundering transactions with underground marketplaces such as the now-defunct Hydra Market.

Bitzlato advertised itself as a hub for cryptocurrency transactions, marketing lax know-your-customer (KYC) procedures that required “neither selfies nor passports.”

The platform was shut down in January 2023 as a result of an international law enforcement effort led by the French and US authorities. The police dismantled the digital infrastructure of the service, based in France, and apprehended key members of the management, including the main administrator and the CEO.

As part of his plea agreement, Legkodymov has agreed to dissolve Bitzlato and relinquish any claim over approximately $23 million in seized assets. Legkodymov is set to face sentencing in the coming months.


Platypus hackers acquitted in France as court dismisses charges on “ethical hacker” claim

A French court has acquitted two brothers accused of hacking and stealing over $8.5 million in cryptocurrency from the US-based DeFi platform Platypus Finance.

The two brothers, identified as Mohammed and Benamar M., compromised Platypus in February 2023 by executing a series of flash loan attacks that exploited a flaw in a key pricing mechanism of the platform. In response, Platypus executed a counter-hack and was able to recover 2.4 million USDC and 687,000 BUSD out of nearly $9 million in stolen assets. The attackers were arrested in France the same month, just a few days after the attack was carried out. They were charged with accessing and maintaining an automated data processing system, fraud and money laundering, as well as receiving stolen goods.

The brothers admitted to hacking and stealing the assets but presented themselves as ethical hackers who wanted to recover the endangered funds and said that they intended to return the assets in exchange for a 10% bounty.

Prosecutors had requested a 5-year prison sentence, including two years with a committal warrant, for Mohammed M., and a 6-month suspended sentence with a fine of 20,000 euros for his brother. However, the jury ruled that since Mohammed simply interacted with the Platypus smart contract, which contained a vulnerability he exploited, it didn’t constitute fraudulent access to the company’s network. The rest of the criminal charges against the brothers were also dropped.

Hacker faces up to 35 years in prison over TrickBot malware

Russian national Vladimir Dunaev, 40, has confessed to his involvement in the development and deployment of the Trickbot malware, a notorious modular banking trojan that evolved into a powerful malware dropper used to deliver ransomware among other threats.

The TrickBot malware operation, disrupted by law enforcement authorities in 2022, targeted businesses, entities, and individuals, including hospitals, schools, public utilities, and governments.

As alleged by the US Department of Justice, the defendant developed browser modifications and malicious tools designed to steal credentials and data from infected machines. He was also involved in enhancing remote access for Trickbot actors and created tools that allowed the malware to bypass security solutions.

Vladimir Dunaev was extradited from the Republic of Korea to the United States in 2021, where he was charged with conspiracy to commit computer fraud, identity theft, wire fraud and bank fraud. If found guilty, Dunaev could face a maximum penalty of 35 years in prison. His sentencing is scheduled for March 20, 2024.

Former high school IT manager deactivated thousands of student and staff accounts after being let go

A former IT admin at a public school in Massachusetts, the US, deactivated thousands of student and staff network accounts and sabotaged the phone system after he was terminated from his role in June 2023.

Conor LaHiff, aged 30, has agreed to plead guilty to one count of unauthorized damage to protected computers.

As per the US Department of Justice’s press release, after he was fired, LaHiff used his administrative privileges to deactivate and erase over 1,400 Apple IDs from the school's Apple School Manager account. Furthermore, he disabled the school's private branch phone system, making the phone service unavailable for nearly 24 hours.

If found guilty, he may face up to 10 years in prison, a maximum of three years of supervised release, and a fine of $250,000. Conor LaHiff is scheduled to appear in federal court in Boston at a later date to address the charges.


Dutch court approves extradition of the Raccoon developer to the US

A Dutch court has ruled that the country’s authorities can extradite a Ukrainian national to the US to face charges related to his role in the development of the Raccoon information-stealing malware.

The charges include conspiracy to commit fraud and related activity in connection with computers, conspiracy to commit wire fraud, conspiracy to commit money laundering, and aggravated identity theft.

The US authorities allege that the defendant, named Mark Sokolovski, is behind malware responsible for stealing sensitive data, including login credentials, financial data, and other personal information, from 15 million computers worldwide. As per the US Department of Justice, Sokolovski operated the Raccoon Infostealer as a malware-as-a-service (MaaS), charging his clients about $200 per month.

Sokolovski was arrested in the Netherlands in March 2022 and has since been fighting extradition to the US, claiming that being extradited would expose him to potential human rights violations, risks to his health, and the risk of facing the death penalty or life imprisonment without a fair trial. However, the Dutch court found the extradition admissible.


Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.