Add Binance to the list of crypto heavyweights facing serious legal trouble. The Commodity Futures Trading Commission (CFTC) has charged Binance, founder Changpeng Zhao and former compliance chief Samuel Lim with allegedly violating both the agency's regulations and the Commodity Exchange Act. The company supposedly offered unregistered crypto derivatives, didn't ask users for mandatory identity verification, structured itself to avoid US regulation and even told customers how to dodge its own compliance system for US-based customers.
Zhao directed much of the rulebreaking himself, the CFTC claims, and there are reportedly chats and emails as evidence. Lim, who left Binance in 2022, is accused of knowingly aiding in the scheme. Among other things, he purportedly encouraged American users to mask trades through a VPN and even create new accounts through shell companies. The activity indicates that Binance's compliance mechanisms "have been a sham," CFTC chief counsel Gretchen Lowe says.
The Commission hopes to permanently ban Binance's registration and trading. It also hopes to levy fines and make the firm disgorge its gains. There's no estimated financial penalty.
We've asked Binance for comment and will let you know if we hear back. The company has historically defended itself against accusations. Zhao's brand is also facing a Securities and Exchange Commission (SEC) investigation over its BNB token, and a long-running probe has looked into possible insider trading. Senator Elizabeth Warren recently sent Zhao a letter accusing him of creating a "hotbed of illegal financial activity" that enables crooks and sanction-dodgers.
The charges come in the wake of multiple scandals rocking the crypto industry. The fraud charges levelled against FTX and its founder Sam Bankman-Fried are the most notable examples, but there are also allegations and investigations targeting Celsius' former CEO, Coinbase and Terraform Labs, among others. Binance is the largest crypto exchange left, and a US ban could significantly affect the industry as customers are forced to move to smaller outfits.
The CFTC is also staking out territory with this move. Both it and the SEC have argued that they should regulate crypto in the absence of laws outlining their roles. With these charges, the CFTC is signalling that it wants to be the de facto regulator for crypto trading. House and Senate members may limit the Commission's authority if they pass legislation, but the agency clearly isn't willing to wait before cracking down.
This article originally appeared on Engadget at https://www.engadget.com/crypto-giant-binance-charged-with-violating-us-trading-and-derivatives-laws-170817954.html?src=rss
The internet has connected nearly everybody on the planet to a global network of information and influence, enabling humanity's best and brightest minds unparalleled collaborative capabilities. At least that was the idea, more often than not these days, it serves as a popular medium for scamming your more terminally-online relatives out of large sums of money. Just ask Brett Johnson, a reformed scam artist who at his rube-bilking pinnacle, was good at separating fools from their cash that he founded an entire online learning forum to train a new generation of digital scam artist.
Johnson's cautionary tale in one of many in the new book, Fool Me Once: Scams, Stories, and Secrets from the Trillion-Dollar Fraud Industry, from Harvard Business Review Press. In it, Professor of Forensic Accounting at DePaul University, Dr. Kelly Richmond Pope, chronicles some of the 20th and 21st century's most heinous financial misdeeds — from Bernie Madoff's pyramid schemes to Enron and VW, and all the Nigerian Princes in between — exploring how the grifts worked and why they often left their marks none the wiser.
I was doing my morning reading before class, and a story about a reformed cybercriminal caught my attention. I always wanted to learn more about cybercrime, but I’d never interacted with a convicted cyber offender. Here was my chance.
I did a quick Google search and found his personal website. I reached out, explained my interest in his story, and waited. By evening, I had an email from gollum@anglerphish.com. I was immediately suspicious, but it was a legit address of Brett Johnson, the man from the article.
After a few email exchanges, we got on a call. He was super friendly and had the voice of a radio DJ. I invited him to come speak to my class at DePaul.
“I teach on Monday nights for the next eight weeks, so whatever works for you will work for me,” I said.
“How about I hop in my car and come visit your class this coming Monday?” he said.
I was a little shocked—Birmingham, Alabama was a long drive— but I immediately took him up on his offer.
Brett was born and raised in Hazard, Kentucky, “one of these areas like the Florida Panhandle and parts of Louisiana, where if you’re not fortunate enough to have a job, you may be involved in some sort of scam, hustle, fraud, whatever you want to call it,” he said.
Maybe there was something in the water because his entire family engaged in fraud. Insurance fraud, document forgery, drug trafficking, mining illegal coal. You name it, Brett’s family did it.
Young Brett was a natural liar. As he grew up, he participated in the family scams.
Eventually, he branched out on his own. His first scam: in 1994, he faked his own car accident. Second scam: eBay fraud.
He reached his peak in the mid-’90s, during the Beanie Baby heyday. The Royal Blue Peanut, essentially a cobalt stuffed elephant toy, sold for as much as $1,700. Only five hundred of the dolls were manufactured, making it one of the most valuable Beanie Babies.
Brett was trying to earn some extra money. A Beanie Baby scam seemed easy and quick.
He advertised on eBay that he was selling Royal Blue Peanut for $1,500. Except he was actually selling a gray Beanie Baby that he dipped in blue dye to look like Royal Blue Peanut for $1,500.
He accepted a bid and instructed the winner to send a US postal money order. “It protects us both,” he said via email. “As soon as I get that and it clears, I’ll send you your elephant.”
The bidder sent Brett the money order; Brett cashed it and sent her his version of the blue Beanie Baby. The phone rang almost immediately.
“This is not what I ordered!” yelled a voice on the other line.
Brett’s response was swift. “Lady, you ordered a blue elephant. I sent you a blue-ish elephant.”
Brett gave her the runaround for a few weeks until she finally disappeared.
This experience taught Brett two very important lessons about cybercrime:
Delay the victim as long as possible.
Victims rarely report the crime and eventually go away.
Brett continued to perfect his skills and graduated to selling pirated software. From pirated software, he moved to install mod chips (a small electronic device used to disable artificial restrictions of computers or entertainment devices) into gaming systems so owners could play the pirated games. Then he began installing mod chips in the cable boxes that would turn on all the pay-per-view on clients’ TV channels for free. Then it was programming satellite DSS cards (the satellite DSS card allows access to tv channels).
He was getting requests for his cable boxes from customers all over the United States and Canada. He was on a roll. Finally, it occurred to him: Why even fulfill the cable box order? Just take the money and run. He knew that no customer would complain about losing money in an illegal transaction. He stole even more money with this updated version of his cable box scam but soon worried that he’d get flagged for money laundering. He decided he needed a fake driver’s license so he could open up a bank account and launder the money through cash taken out of the ATM.
He found a person online who sold fake licenses. He sent a picture, $200, and waited. He waited and waited. Then reality punched him in the face: He’d been scammed. The nerve.
No one hates being deceived more than someone who deceives for a living. Brett was so frustrated he started ShadowCrew.com, an online forum where people could learn the ins and outs of cybercrime. Forbes called it “a one-stop marketplace for identity theft.” The ShadowCrew operated from August 2002 through November 2004, attracting as many as four thousand criminals or aspiring criminals. It’s considered the forerunner of today’s cybercrime forums and marketplaces; Brett is known as the Godfather of Cybercrime.
“Before ShadowCrew, the only avenue you had to commit online crime was a rolling chat board,” he told my students. “It’s called a IRC chat session and stands for Internet Relay Chat.” The problem with these rolling chat screens was that you had no idea if you were talking to a cop or a crook. Either was possible.
ShadowCrew gave criminals a trust mechanism. It was a large communication channel where people in different time zones could reference conversations. “By looking at someone’s screen name, you could tell if you could trust that person, if you could network with that person, or if you could learn from that person,” he said. The screen name on the dark web became the criminal’s brand name. They keep this brand name throughout their entire criminal tenure and it helps establish trust with others, so the screen name matters.
When Brett was in class, he showed my students how information ended up on the dark web. “You can find social security numbers, home addresses, driver’s license numbers, credit card numbers on the dark web for $3,” he explained. All the information is there, practically begging to be taken.
In 2004, authorities arrested twenty-eight men in six countries, claiming they had swapped 1.7 million stolen card numbers and caused $4.3 million in losses. But Brett escaped. He was placed on the Secret Service’s Most Wanted list. After four months on the run, he was arrested.
Brett has been in and out of prison five times and spent 7.5 years in federal prison. Today he considers himself a reformed white-collar offender.
This article originally appeared on Engadget at https://www.engadget.com/hitting-the-books-fool-me-once-kelly-richmond-pope-harvard-business-review-press-143031129.html?src=rss
The Securities and Exchange Commission has cracked down on the businesses of crypto entrepreneur Justin Sun and has charged him for the unregistered offer and sale of the tokens Tronix and BitTorrent. If those tokens sound familiar even to non-hardcore crypto enthusiasts, it's because several celebrities had promoted them on social media — and now they're also being charged by the agency. According to the SEC, eight celebrities, including Lindsay Lohan, Jake Paul, Soulja Boy, Ne-Yo and Akon, illegally promoted the tokens online without disclosing that they were paid to do so.
"...Sun paid celebrities with millions of social media followers to tout the unregistered offerings, while specifically directing that they not disclose their compensation. This is the very conduct that the federal securities laws were designed to protect against regardless of the labels Sun and others used," Gurbir S. Grewal, Director of the SEC's Division of Enforcement, said in a statement.
All celebrities charged, with the exception of Soulja Boy and musician Austin Mahone, have agreed to pay a collective amount of $400,000 in penalties to settle the charges. It's not the first time the SEC went after celebrities shilling crypto on social media — it previously charged Kim Kardashian and NBA Hall of Famer Paul Pierce for posting about EthereumMax's EMAX tokens without revealing that they had been paid for the promotion. Kardashian paid $1.26 million to settle the charges against her, while Pierce paid $1.4 million.
As for Sun himself, the SEC accused him of violating antifraud and market manipulation provisions of the federal securities laws. The agency said he offered the tokens as investments through unregistered bounty programs that prompted participants to promote the tokens on social media and to recruit others. In addition, the SEC also accused Sun of directing employees to artificially inflate the value of Tronix by simultaneously selling and purchasing the token to make it appear actively traded.
"As alleged in the complaint," Grewal said, "Sun and others used an age-old playbook to mislead and harm investors by first offering securities without complying with registration and disclosure requirements and then manipulating the market for those very securities."
This article originally appeared on Engadget at https://www.engadget.com/sec-charges-lindsay-lohan-and-other-celebrities-for-illegally-touting-crypto-045711820.html?src=rss
US law enforcement authorities this week arrested the person allegedly responsible for hacking the Federal Bureau of Investigation (FBI) in 2021. As reported by Krebs on Security (via The Verge), FBI agents on Wednesday arrested Conor Brian Fitzpatrick on suspicion of running BreachForums. As Brian Krebs notes, the website’s administrator, “Pompompurin,” is responsible for or connected to some of the most high-profile hacks in recent memory, including multiple incidents involving the FBI.
In 2021, Pompompurin took credit for compromising the agency’s email servers and sending thousands of fake cybersecurity warnings. Pompompurin is also linked to the 2022 breach of the FBI’s InfraGard network, an incident that saw the contact information of its more than 80,000 members go on sale. Separately, Pompompurin is connected to the 2021 Robinhood hack that saw the data of 7 million users compromised, and the 2022 Twitter data leak.
In a sworn affidavit, one of the FBI agents involved in the arrest claims Fitzpatrick identified himself as Pompompurin and admitted to being the owner of BreachForums. The forum rose from the ashes of RaidForums, which the FBI raided and shut down last year. For the moment, BreachForums is still up and running. "I think it's safe to assume [Pompompurin] won't be coming back, so I'll be taking ownership of the forum," said a user named Baphomet. "I have most, if not all the access necessary to protect BF infrastructure and users." Fitzpatrick will appear before a federal court on March 24th.
This article originally appeared on Engadget at https://www.engadget.com/us-authorities-arrest-alleged-breachforums-owner-and-fbi-hacker-pompompurin-170009266.html?src=rss
In December, ByteDance confirmed that it fired four employees who had used TikTok to spy on the locations of two journalists. Now, Forbesreports that the FBI and the Department of Justice have been investigating the incident.
News of the investigation comes at a moment when ByteDance is facing mounting pressure to sell its stake in TikTok. The company confirmed that US officials have said that TikTok will face a possible ban in the United States if ByteDance doesn’t separate itself from the video app.
TikTok critics in Congress have previously raised questions about the app’s surveillance tactics, particularly in light of ByteDance’s acknowledgement that employees had inappropriately accessed the data of US users.The full extent of law enforcement’s investigation into the incident is unclear but, according to Forbes, ByteDance has received subpoenas from the DoJ. The FBI has also conducted interviews related to the matter, though it’s not clear if the two are part of the same investigation.
"We have strongly condemned the actions of the individuals found to have been involved, and they are no longer employed at ByteDance,” a ByteDance spokesperson said in a statement. “Our internal investigation is still ongoing, and we will cooperate with any official investigations when brought to us."
This article originally appeared on Engadget at https://www.engadget.com/bytedance-is-reportedly-under-investigation-for-surveillance-of-us-journalists-224223010.html?src=rss
FTX founder and former CEO Sam Bankman-Fried may be stuck using a dumb phone for the foreseeable future. In a letter seen by Bloomberg, prosecutors involved in his criminal case said Friday that Bankman-Fried’s lawyers had agreed to modify the terms of his bail agreement. Provided the judge overseeing the case agrees to the changes, SBF will be restricted to using a “non-smartphone” without internet connectivity. Unless a lawyer is present, he will also be forbidden from contacting current or former FTX and Alameda Research employees. Additionally, SBF won’t be able to use encrypted messaging apps, including Signal.
The proposed restrictions come after Bankman-Fried allegedly attempted to contact the general counsel of FTX’s US subsidiary over Signal at the start of the year. “I would really love to reconnect and see if there’s a way for us to have a constructive relationship, use each other as resources when possible, or at least vet things with each other,” he said in one message, according to the Justice Department.
Earlier in the week, Nishad Singh, FTX’s former director of engineering, pleaded guilty to federal fraud and conspiracy charges. Singh is the third of Bankman-Fried’s inner circle to cooperate with prosecutors in the case against him. At the end of last year, former Alameda Research CEO Caroline Ellison and FTX co-founder Zixiao "Gary" Wang pleaded guilty to fraud charges and said they would cooperate with investigators.
According to Bloomberg, District Judge Lewis Kaplan threatened to revoke Bankman-Fried’s bail and send him to jail before the start of his trial after learning that the disgraced entrepreneur may have influenced potential witnesses. Last month, Kaplan also banned Bankman-Fried from using a virtual private network (VPN) after his lawyers said he used one to watch a football game. According to Reuters, Kaplan said he did not want SBF "loose in this garden of electronic devices.”
Under the modified bail agreement, SBF would be allowed to use a laptop to surf the web, but his access would be filtered through a VPN that would limit him to two categories of websites. One category would include resources his defense team says are critical to his case. The other features a list of 23 websites SBF could use to order food, read the news and watch streaming content. No word yet if the proposed restrictions would limit him from playing League of Legends.
This article originally appeared on Engadget at https://www.engadget.com/justice-department-wants-sam-bankman-fried-to-use-a-flip-phone-for-the-rest-of-his-bail-201356652.html?src=rss
Nishad Singh, a co-founder of collapsed cryptocurrency exchange FTX, has pleaded guilty to US federal fraud and conspiracy charges. Singh, who was FTX's director of engineering, is the third member of Sam Bankman-Fried's inner circle to agree to cooperate with prosecutors in the case against him. Former executives Caroline Ellison and Zixiao "Gary" Wang previously pleaded guilty to fraud charges.
Singh pleaded guilty to six criminal counts, including wire fraud and conspiracy to defraud the US by violating campaign finance laws. He agreed to forfeit the proceeds of his actions, as Reutersreports. Bankruptcy filings showed that Singh received a $543 million loan from Alameda.
Singh admitted to making illegal donations to political candidates and PACs under his name using funds from Alameda Research (FTX's sibling hedge fund and crypto trading firm). He claimed the donations were intended to bolster the political influence of FTX and Bankman-Fried (aka SBF), according to The Wall Street Journal. Singh added that he agreed with the stances of those he donated to but didn't pick the candidates. Per OpenSecrets, he contributed $8 million to Democratic PACs and campaigns during the 2022 election cycle.
Moreover, Singh said he found out in mid-2022 that Alameda was borrowing billions of dollars in customer funds from FTX. It emerged by September that Alameda wasn't able to repay those funds. Singh additionally claimed that he falsified FTX’s revenues at SBF's behest to make the company more palatable to investors.
SBF now faces 12 criminal charges after an indictment detailing four additional ones was unsealed last week. Among other things, he has been accused of stealing billions of dollars in FTX customer funds and misleading investors and lenders. Notably, in light of Singh's plea, the charges include alleged violations of federal campaign finance laws by donating to a super PAC under the names of two executives. SBF, who was arrested and extradited from the Bahamas in December, has pleaded not guilty to the charges. His trial is set for October.
This article originally appeared on Engadget at https://www.engadget.com/ftx-co-founder-nishad-singh-pleads-guilty-to-fraud-and-conspiracy-charges-192939749.html?src=rss
FTX co-creator Sam Bankman-Fried (aka SBF) is now dealing with four new charges over the collapse of his crypto exchange. A newly unsealed indictment in a New York federal court accuses SBF of fraudulent activity through both FTX and a linked hedge fund. The co-founder also allegedly violated federal campaign finance laws by making secret political donations using the names of two executives.
The expanded charges now include 12 counts. A source speaking to CNBC claims the additional allegations could lead to an additional 40 years in prison if SBF is convincted.
The FBI is dealing with another attack on its digital infrastructure, although the severity isn't yet clear. The law enforcement agency tellsCNN it has "contained" a recent cybersecurity incident on its network. The bureau isn't commenting on the perpetrator, scope or damage, but says it's gathering "additional information."
Sources speaking to CNN claim the intruders targeted a system used to investigate child sexual abuse material (CSAM). The incident involved the high-profile New York Field Office, according to the insiders. Investigators are said to still be investigating the origins of the breach.
This isn't the first such incident in recent memory. In November 2021, an attacker compromised FBI email servers and sent thousands of messages falsely claiming recipients were victims of data breaches. The campaign tried to blame the imaginary attacks on dark web security firm operator Vinny Troia. The FBI never named a culprit, but did patch the flaw that allowed the intrusion.
This may not necessarily be a serious violation. Other campaigns, such as the 2020 Treasury breach and the SolarWinds hack, are known to have exposed sensitive email contacts for officials. Still, the data reportedly at risk makes the attack concerning, even if the impact may be relatively limited.
It's not just international police trying to hold Terraform Labs accountable for a collapse that took $40 billion from investors. The Securities and Exchange Commission has charged Terraform and its CEO Do Kwon with securities fraud for allegedly running a "multi-billion dollar" crypto asset scheme. The blockchain startup purportedly misled investors by falsely claiming that its TerraUSD asset was a stablecoin pegged to the US dollar, with high yields (up to 20 percent). The firm also fooled people by claiming its Luna token would gain value thanks to a Korean mobile payment app that used the Terra blockchain to settle transactions.
Terraform and Do Kwon didn't provide "full, fair and truthful disclosure" for their crypto asset securities, SEC chair Gary Gensler says. The charges include registration and anti-fraud violations of the Securities Act and Exchange Act.
TerraUSD and Luna lost their peg to the US dollar in May 2022, with the prices of both plunging to near-zero. Investors lodged complaints accusing Terraform and Kwon of running a Ponzi scheme, and the freefall contributed to the collapse of the crypto hedge fund Three Arrows Capital. The crypto exchange Binance quickly faced a lawsuit over claims it incorrectly marketed TerraUSD as a safe asset. While Kwon insisted that he wasn't evading capture, he left his native South Korea, refused to face investigators' questions and was put on Interpol's "red notice" list.
The SEC's charges join a string of efforts to crack down on reported fraud among some of the crypto industry's biggest names. Authorities have most notably pursued FTX and its founder Sam Bankman-Fried over that exchange's downfall, while former Celsius Network chief Alex Mashinsky is also accused of defrauding investors. While crypto may still have a future, it's clear government bodies want stricter enforcement of financial laws in this arena.
