Phisher arrested for stealing Bitcoins from dark web users


A US man has been arrested for allegedly stealing Bitcoins from the one user base that might like to see itself as immune from such crimes – other dark web users.

According to the Department of Justice indictment, 34-year old Michael Richo mocked up phishing pages to steal logins for Bitcoin wallets escrowed on dark marketplaces, catching out 10,000 users whose details were later found in a database on his laptop.

A second method he used was to keylog (i.e. record) the logins directly after forwarding phished traffic through a server under his control.

Richo is said to have monitored the account balances of wallets, withdrawing Bitcoins as they were deposited before selling them back to other users for US dollars. He then deposited the laundered funds into a bank account in his name.

Between November 2013 and October 2014, police said Richo had admitted stealing Bitcoins worth a “six-figure” sum from his thousands of victims.

Bitcoins are essential for buying and selling illegal services on the dark web because they afford anonymity, especially when currency is ‘tumbled’ or ‘mixed’ to hide its origins.

This raises an interesting question – given the anonymity of dark web transactions, how did police gather evidence about Richo’s activities?

Given how long it has taken police to arrest him for alleged crimes dating back two or more years, doubtless it wasn’t easy.

One possibility is some form of forensic analysis in which the pattern of data moving around the Blockchain system is traced mathematically to events on a specific computer at a moment in time, even when transactions have been tumbled.

Alternatively, it could also be that laundering sizable numbers of Bitcoins isn’t as unobtrusive as some assume and Richo’s activities were noticed.

For obvious reasons, police don’t go into much detail about their techniques even in high-profile dark web cases such as the famous arrest of Silk Road marketplace creator Ross Ulbricht in 2014.

Another issue is who Richo’s victims were and what they were using their lost Bitcoins to buy or sell. Undoubtedly some of them will be worried that police might have enough data to track them too.

The ultimate irony of someone ripping off dark web users is that it is a place that can ill afford to be seen as unreliable.  The anonymity of Bitcoins – and other virtual currencies – is essential to maintaining its status.

Although he appears to be co-operating with police, Richo still faces the possibility of a very long jail sentence if convicted – money laundering carries a maximum term of imprisonment of 20 years with up to 10 years for fraud and two years for identity theft.