TalkGold — the ponzi forum where Quadriga’s Patryn and Cotten first met

Previously, I wrote that Quadriga cofounders Michael Patryn and the now-deceased Gerald Cotten worked together for a period at Midas Gold, a digital currency exchanger that ran from 2008 until May 2013, when it was pulled offline. Now, it appears their connections stretch back even further.

According to data posted by Reddit user QCXINT, the two business partners appear to have been active on TalkGold, a popular forum for pushing high-yield investment programs (HYIPs), as early as 2003. Likely, that is where they first met. Evidence also suggests the two were active on BlackHatWorld, a site for discussing dubious marketing strategies for websites. Cotten also appears to have been a ponzi operator himself. 

This is a long post, so here is a quick summary of what’s ahead:

  • Cotten likely began promoting ponzis in his teens.
  • He was posting on TalkGold under the username “Sceptre.” 
  • At the same time, Patryn posted on TalkGold as “Patryn.” 
  • Patryn and Sceptre joined TalkGold in 2003, within months of each other.
  • Patryn also posted as “Patryn” on MoneyMakerGroup and BlackHatWorld.
  • Sceptre first appeared on BlackHatWorld in 2012, but then changed his profile name to “Murdoch1337.” 
  • Sceptre posted as “Lucky-Invest” on TalkGold to promote a ponzi.

What is a high-yield investment program?

HYIP is just another way of saying ponzi. These schemes typically promise ridiculously high rates of returns. But behind the scenes, no real investment is taking place. The operator simply uses money coming in from new investors to pay off earlier ones, all the while skimming money off the top for him/herself. When the supply of new investors runs out, the scheme collapses.   

Screen Shot 2019-04-23 at 11.49.46 AM
Flimflam man Charles Ponzi, 1920.

Ponzis are nothing new. The name stems from Charles Ponzi, an Italian immigrant who defrauded tens of thousands of Bostonians out of $18 million in 1920. Ponzi went to jail, and when he got out, the US promptly deported him to Italy. New York financier Bernie Madoff ran a $65 billion ponzi, the largest in history. He was convicted in 2008.

In the early 2000s, the Internet and the advent of early centralized digital currencies, like e-gold and Liberty Reserve, saw a new wave of ponzis. Operators anonymously set up their storefronts online and used e-currencies to obscure the source and flow of funds.

HYIP operators rely on social media and referrals to create hype and make their offerings appear legitimate. Despite the red flags, many people still invest in HYIPs, thinking that if they get in early enough, they can make a buck.  

An entire subculture has proliferated around HYIPs. There are sites that track and monitor HYIPs, and forums, where people go to promote and learn more about HYIPs. There’s even an HYIP subreddit, in case you want to poke around. 

When an HYIP scheme collapses—and they always collapse—the collapse is generally blamed on a hack, a theft, or a bad investment—some type of external event that is plausibly at arm’s length from the operator. When that happens, the HYIP operator begins issuing “refunds”—in good faith, of course.

Some HYIP operators even go to the effort of setting up long-winded spreadsheets, and paying back dribs and drabs over months. Of course, the first people to get paid back are usually insiders or the operators themselves, under different names, who then loudly proclaim what a great guy the operator is, and how decent it is of him/her to spend all their time and effort refunding everyone.

The U.S. Financial Industry Regulatory Authority (FINRA), the regulatory body charged with governing business between brokers, dealers and the investing public, writes that “virtually every HYIP we have seen bears hallmarks of fraud.”

TalkGold and MoneyMakerGroup

Starting in January 2003, TalkGold and sister site MoneyMakerGroup were two hugely popular Internet forums used to launch and promote HYIPs. The sites were pulled offline on August 21, 2017, a day after the U.S. Department of Justice (DoJ) filed an asset forfeiture complaint against Edward and Brian Krassenstein, the twin brothers that ran the sites. Homeland Security raided the twins’ Florida homes a month later.

According to BehindMLM, the DoJ docs read:

“Since at least 2003, Brian and Edward Krassenstein … have owned and operated websites devoted to the promotion of fraudulent HYIPs. In particular, the Krassenstein run sites ‘talkgold.com’ and ‘moneymakergroup.com’ are discussion forums in which HYIP operators advertise and promote their fraud schemes to potential victims.”

“Patryn” on TalkGold

Michael Patryn, formerly Omar Dhanani, was arrested in October 2004 on charges related to his involvement with Shadowcrew, a cybercrime message board. Operating under the pseudonym “Voleur,” French for thief, he offered Shadowcrew members an electronic money laundering service—wire him cash, and he would fund your e-gold account, thereby adding a layer of anonymity to any purchases you planned to make.

After the Shadowcrew bust, TalkGold users began to speculate that “Patryn,” a prolific poster on TalkGold, was Dhanani—and there is good reason to suspect that he was. 

“Patryn” joined TalkGold on April 3, 2003. His profile linked directly to VFS Network, a network for several digital currency exchangers, including Midas Gold, HD Money, and Triple Exchange—three that Patryn himself operated. VFS Network was also his business. (VFS stands for Voleur Financial Services.)

Screen Shot 2019-04-23 at 12.21.53 PM

If that is not enough evidence, “Patryn” openly admits on TalkGold that he operates Midas Gold. The business registration for Midas Gold also lists “Omar Patryn” (one of Patryn’s known aliases) as its sole director. 

Patryn also appears to have used the profile name “Patryn” on MoneyMakerGroup, with the same link to VFS Network. He joined MoneyMakerGroup on November 27, 2007, six months after he got out of a US federal prison, where he served 18 months related to his earlier Shadowcrew arrest.

Sceptre on TalkGold

Cotten was likely “Sceptre” on TalkGold. Sceptre joined TalkGold on July 4, 2003, three months after Patryn joined. Cotten would have been 15 or 16, at the time.  

TalkGold members were able to list “friends” on the site. A May 2013 archived profile page for Patryn shows that he had six friends—one of whom is Sceptre. Similarly, a May 2013 archived profile page for Sceptre shows he had one friend—“Patryn.”  

The two also interacted. Many of Sceptre’s TalkGold posts appear alongside Patryn’s in the same thread, either promoting or defending VFS Network, Midas Gold, or one of the other exchanges Patryn operated. (If you read my past article, there is also evidence to suggest that Cotten was the main operator for Midas Gold.)  

On December 7, 2009, when a user on TalkGold complains that he is having issues with Midas Gold, Sceptre replies, “I’ve never had any problems with M-Gold. They are usually very efficient.” Patryn follows on the same thread with, “M-Gold does not work during weekends. What is your order reference number? I will have it taken care of ASAP.”

On September 29, 2012, “Patryn” responds to someone complaining about Midas Gold keeping their money. (This was not unusual, by the way. There were many complaints about Midas Gold withholding customer funds. See here, here and here.)

“Patryn” writes:

“To the best of my knowledge, both of us have been responding to your emails. You sent me five emails yesterday demanding that I hurry up and resolve this issue. Your issue will be resolved ASAP. Unfortunately, I cannot force the banks to speed up their investigation process.”

In the same thread, Sceptre replies to “Patryn,” almost mocking the customer.

“lol, I’m surprised you’re willing to help him. You offer your dispute resolution for free, and he thanks you by spamming your inbox and complaining that you don’t reply while you’re sleeping.”

In September 2012, a poster asks, “I am looking for a LR Exchanger into HD-Money.” (Basically, the poster wants to convert one digital currency, Liberty Reserve, into another, without having to go through fiat). Sceptre replies, “For this type of trade I would use ecashworldcard.” Patryn follows by posting a link to his HD-Money site, which lists Ecash World Card as an offering.

Cotten and Patryn on BlackHatWorld

BlackHatWorld is a forum where people go to discuss “black hat” marketing tactics. Paid shilling (paying someone to promote your product on social media), negative SEO attacks (improving your SEO ranking by destroying your competitor’s) and gaming a search engine’s algorithm are all topics of discussion on this forum.

These tactics are generally used by Websites that only plan to stick around long enough to make a quick financial gain, which is exactly what HYIPs aim to do.

Someone going by “Patryn” was also active on BlackHatWorld. This person joined on September 6, 2012, and was last active on September 7, 2017. He only posted 9 messages.

Another poster—”Murdoch1337″—in BlackHatWorld, was much more active. He joined on February 12, 2012, and his last activity was January 8, 2017. This person appears to have previously been posting as Sceptre, and we believe this was Cotten. 

Screen Shot 2019-04-23 at 2.21.23 PM

(QXCINT also tells me that one of Cotten’s email accounts—g@mailhoose.com, which was tied to a number of Cotten’s domain registrations—has or had an active account on BlackHatWorld, but the method he used was too technical for me to confirm independently.)

Murdoch1337 appears as the original poster in a thread titled “Sceptre’s Spectacular Content Services!!! – $1.50 per 100 words”—an indication that Sceptre likely switched his profile name to Murdoch1337 sometime after he started the thread. He responds to other posters in the thread as if he is the one offering the content services. “That’s all the review copies for now,” he writes. “For everyone else, feel free to place your orders using the order info in my original post.”

On September 10, 2013, Murdoch1337 posts an ad for a developer to help him with an upcoming cryptocurrency exchange. In the ad, he writes:

“I am looking for a programmer who is familiar with Bitcoin to develop a website that is very similar to Bitstamp…Also, I’m looking to get this project built and online quickly, so if you are able to do it quickly, that is a bonus.”

This ad was posted three months before Quadriga launched in beta. The timing makes sense given that Quadriga was was based on WLOX, an open-source exchange solution available on Github, which would have dramatically reduced the time it took to create a functioning crypto exchange. Alex Hanin built the Quadriga platform, though it is not clear if Cotten actually recruited Hanin via this ad on BlackHatWorld.

An almost identical ad with the title “Bitstamp clone – Bitcoin trading project” was posted on Freelancer.com. The job poster, who was anonymous, had 38 projects on the site. He left a few telling details behind on one of the projects:

Hi

I’m looking for programmers who are knowledgeable when it comes to Bitcoin and I found you.

I have a number of projects that need work, including a new Bitcoin exchange. Are you able to build sites like this? If so, i’d like to get in touch

Thanks

Gerry

Skype: gerrywc

email: sceptre@countermail.com.

S&S Investments and Lucky Invest

One of Sceptre’s HYIPs was S&S Investments, a website that opened for business on January 1, 2004. (“Copyright @2004 Sceptre” is written at the bottom of the page.) He promotes the scheme as a way to double your money

“You invest a sum of money into the program and within 48 hours (usually within 18) you will receive a return of anything from 103% to 150%, possibly more.”

Screen Shot 2019-04-25 at 10.09.52 AM

He is sure to point out that this is “not what is called a ponzi or pyramid scheme.” It offers returns that are far better!  

In case the first offer sounded a little too far fetched, he changes the text later to something only slightly more believable. S&S now becomes a “fixed term investment,” which pays 115% in a week….”you can invest and walk away in profit after just 7 days!”

Screen Shot 2019-04-25 at 10.15.00 AM.png

Of course, S&S ultimately collapses, and discussion around it gets moved to the “Closed / Scammed Programs” section of TalkGold, where Sceptre continues to string along anxious investors, who continue to hold out hope for a “refund.” He writes:

“Refunds WILL take some time. I cannot guarantee that they will all be made quickly. The refund process is likely to spread over a long period of time, but I am willing to do my best to refund everyone to the best of my ability. Please be patient and you will receive a lovely surprise in your e-gold, a refund from S&S Investments,” Sceptre writes.

One TalkGold user reviewed what he considered to be the 12 biggest HYIP “scams” on TalkGold. This is what he wrote about S&S Investments:

“S&S Investments is an interesting program because it was operated by a ‘well known’ person in the HYIP arena. I use the quote marks, because this person was not well known at all, in fact he was very anonymous. No one knew his name, other than his nickname he used to post with, Sceptre. He used anonymous proxies, he was very well hidden. Yet because he had over 1000 posts on TalkGold, he earned a kind of pseudo-trust that people get from being very visible and always online.

Sceptre started off with a small little program that promised to pay back a large amount after a few days. It soon grew to become very, very popular, and it was not long before he upgraded to a fully automated script.

Sceptre wouldn’t tell people how he made the money, he just said that was his little secret. Virtually everyone invested into S&S Investments based on his post count on TalkGold. “He’s made a lot of posts on TalkGold, therefore he must be honest” seemed to be the general opinion of the investors.

S&S Investments went for sometime before cracks started to appear. First the website went offline, then was back again, but withdrawals weren’t being honoured, then the site went offline again. Finally, Sceptre made an announcement that S&S Investments were closed and refunds were to promised.

For a while, refunds did proceed, but then things started to dry up. Since the summer, no more refunds have been processed.

Hey, just because someone has thousands of posts on a forum, doesn’t mean he’s a trustworthy guy. Use your head, look at what the whole program is offering.”

In May 2004, Sceptre appears to switch to another TalkGold profile, “Lucky-Invest,” to promote a Lucky Invest HYIP. 

At one point in a thread, he apparently forgets to log out of Lucky-Invest and continues responding as if he were Sceptre, until another poster calls him out:

“You forgot to sign in as ‘sceptre’. ohhhhhhhhhhhhhh . .. looks like Lucky-Invest changed their message!!! . . . too funny!!! . .. did you get caught Sceptre??? hahaha ;)”

Sceptre/Lucky-Invest replies:

“I’m not trying to hide. Lucky Invest, the Newest Investment/Game. My profits go to help pay refunds. THIS IS A GAME, IT WILL NOT HAVE ANY REFUNDS.”

This is a straight out admission that Lucky Invest was not an actual investment. It was a “game,” in other words, a fraud. When you give me your money, it is mine. There are no refunds in this game, just me sharing my profits.

Knowing that Cotten and Patryn did business together on TalkGold does not tell us where the CA$250 million worth of crypto and fiat that was on Quadriga went. (Only a fraction of those funds have been recovered so far.) But it certainly does bring up questions, such as, was Cotten really just a starry-eyed Bitcoin libertarian? Or was he a seasoned con artist, who had no qualms about taking other people’s money?

Did you enjoy this story? Become a co-conspirator. Support me on Patreon.

 

Quadriga: Patryn, Cotten, and Midas Gold—a Liberty Reserve exchanger

Screen Shot 2019-04-09 at 5.18.37 PMThe now-defunct Canadian crypto exchange QuadrigaCX was founded in November 2013. Where did its co-founders Michael Patryn and the now-deceased Gerald Cotten first meet? Did they exchange pleasantries in the Toronto Bitcoin community? Did they meet online? Or did they have other prior business dealings?

New evidence uncovered by Reddit user “QCXINT” (he’ll be posting more on Reddit soon) suggests that Cotten appears to have been involved with Patryn at Midas Gold, a Liberty Reserve exchanger, set up by Patryn in 2008.

Patryn and Midas Gold

Patryn was formerly Omar Dhanania convicted felon who was arrested in connection with online identity theft ring Shadowcrew.com in October 2004. He was 20 at the time. Working out of his home in Southern California, he was a moderator on the forum. He also offered forum members an electronic money laundering service. Send him a Western Union money order and—for a fee of 10% of a transaction—he would filter your money through e-gold accounts. E-gold was an early centralized digital currency. Dhanani served 18 months in a US prison and was released in 2007.

After the US deported him back to Canada, Patryn picked up where he left off. In April 2008, he founded Midas Gold Exchange. He was listed as the company’s sole director under “Omar Patryn,” with a company address in Calgary—although, he was living in Montreal at the time. A few months earlier, the digital currency exchange service launched on M-Gold.com (Here is an archive of the site taken in its early days, and here is an archive showing an updated design taken just before things took a dive).

In January 5, 2008, the earliest entry on the website reads:

“We have finally launched this website, and are requesting that clients place all future orders through the Contact Us page. We have, of course, been in business since 2005 and hope to continue providing you with the same great service throughout the new year. Thank you once again for your business, and have a happy New Year!”

There are no names of actual people anywhere on the site. But an October 17, 2009 entry gives the impression that a whirl of activity is going on behind the scenes.

“We apologize for the delays experienced for many clients during the course of this week. We are currently undergoing a massive corporate restructuring. During this time, some exchange directions are temporarily disabled. All pending orders should be processed within one business day.”

Digital currencies listed on the site included E-Gold, HD-Money, WebMoney, WMZ E-Currency, AlterGold E-Currency. Midas Gold even started accepting bitcoin in June 2011, but Liberty Reserve was by far its main money maker.

How Liberty Reserve worked

A Costa Rica-based centralized digital currency service, Liberty Reserve was like PayPal for criminals. You could use it to anonymously transfer the system’s digital currency LR, worth $1 apiece,* to anyone who had an account on the system. The system served millions of users around the world before May 2013, when it was shut down by the U.S. government.

(*All dollars listed in this article are USD)

To set up an account on libertyreserve.com, all you needed was a valid email address. You could make up whatever fake, silly name you wanted, because the site had virtually no KYC/AML. It did not validate identities, and you could send huge amounts of money without anyone raising an eyebrow. 

You could not fund your Liberty Reserve account directly, however. If you wanted to buy LR, you had to go through a third-party exchanger, such as M-Gold. Conversely, if you wanted to redeem your LR for cash, you also had to go through an exchanger. 

LR exchangers would buy LRs in bulk and sell them in smaller quantities, typically charging a 5% transaction fee. This setup allowed Liberty Reserve to avoid collecting banking information on its users, which could leave a financial trail—exactly what criminals want to avoid when choosing a digital currency. 

Liberty Reserve went into operation in 2005. Eight years later, the system had more than 5.5 million users worldwide and processed a combined value of more than $8 billion. Most of that volume came from the U.S.

During 2009 to 2013, Liberty Reserve was in full swing. These were the sunshine days of criminal activity. A huge number of transactions were related to high-yield investment programs (HYIPs)—better known as ponzis schemes—credit card trafficking, stolen ID information and computer hacking.  

Cotten’s email

A data dump—in one of the court exhibits (see attachment #180 for GX 1305) related to the takedown of Liberty Reserve—shows that Midas Gold ranked 342 of the top 500 Liberty Reserve accounts in volume.

The name on the Midas Gold account is Omar Patryn, but the email address linked to it is geraldcotten@gmail.com. What does that mean? It means whoever owned that email had the authority to operate the Midas Gold account for Liberty Reserve. They could reset the password, enable or disable 2FA, and authorize transactions. 

The data indicates Midas Gold bought up more than $5 million worth of LR. At 5 percent of a transaction, that equates to profits of around $250,000—not a lot, but decent wages.

Screen Shot 2019-04-09 at 10.49.15 AM
Rank: 342, Category: Exchanger, Associated website: http://www.m-gold.com, All currencies: $5,221,489.02, LR: $5,081,353.88, Account name: Midas Gold Exchange, First name: Omar, Last name: Patryn, Email: geraldcotten@gmail.com

The email suggests that Cotten and Patryn may have worked at M-Gold.com together—though its not clear if Cotten was involved from the beginning or joined later. If anything, this could even suggest that Cotten had more control over Midas then Patryn.

Pause for a moment — if you were going to be involved in a dodgy business, why would you use an email address that directly pointed to you? I know I wouldn’t. If you are still wondering, “Was that really Cotten’s email?” The answer is, “Quite possibly—yes.”

We think this is his email because the person appears to have used that same email address for several domain registrations, including, cloakedninja.com, where you could buy proxy sites to hide your IP address, and celebritydaily.net, an entertainment news blog. A historical WHOIS data snapshot of these site reveals they both have a registration address of 346-1881 Steeles Ave W Toronto. Quadriga Fintech Solutions, the owner and operator of QuadrigaCX, is linked to the same address. 

Screen Shot 2019-04-09 at 3.56.21 PM.png

Patryn’s Liberty Reserve account

In addition to the Midas Gold account, Patryn had his own account on Liberty Reserve, but his account had no associated website. He appears to have had at least three other exchangers at the time—HD Money (archive) and E-cash World and Triple Exchange (archive). It’s possible he was selling LR through those sites as well as Midas Gold, and was just using the one account. Or Cotten could have operated Midas alone, while Patryn handled the other businesses.

Approximately $18.4 million worth of LR went through Patryn’s Liberty Reserve account. Of Liberty Reserve’s 500 largest accounts by volume, his ranked 88. If he took a 5 percent cut of every transaction, he would have amassed a healthy $920,000.

Screen Shot 2019-04-09 at 12.32.59 PM
Rank: 88, Category: Exchanger, Associated website: [field empty], All currencies: $18,653,708.71, LR: $18,416,444.50, Account type: Currency, First Name: Omar, Last Name: Patryn, email: admin@patryn.com
A passage from the court documents explains:

“Data obtained from Liberty Reserve’s servers reflects the extensive use of the company’s payment system by criminal websites. The Government analyzed the top 500 accounts by transaction volume, i.e. funds sent and received, to attempt to determine the type of activity associated with each account. The total transaction volume for these accounts is approximately $7.26 billion, or approximately 43% of the total volume of transactions on Liberty Reserve’s entire system.”

Also according to the analysis, of the top roughly 500 accounts, 44 percent were associated with exchangers, 18 percent could not be categorized, and the remaining 38 percent were categorized as follows:

“157 of the accounts, accounting for approximately $2.6 billion in transactions, were associated with some form of purported ‘investment’ opportunity. The vast majority of these accounts were linked to websites that, on their face, were clearly ponzi schemes, i.e., HYIPs. Others, at best, were associated with unregulated ‘forex’ (foreign currency trading) websites—which are likewise known to be prominent sources of fraud.”

Ruh Roh

Screen Shot 2019-04-09 at 12.57.29 AMGood things never seem to last, and in May 20, 2013, Liberty Reserve founder Arthur Budovsky was arrested in Spain for running a massive money laundering enterprise. Days later, the domain libertyreserve.com was seized.

Shortly afterward, US authorities seized more than 30 domains registered as Liberty Reserve exchangers in a civil forfeiture case, including M-Gold.com. According to court docs, “the defendant domain names were used to fund Liberty Reserve’s operations; without them, there would not have been money for Liberty Reserve to launder.” 

Following the shut down of Liberty Reserve, users were told to contact the court to recoup their lost funds—on the basis they were conducting legit business. According to court docs filed in April 2016: “Notwithstanding that Liberty Reserve had more than 5 million registered user accounts, only approximately 50 individuals have contacted the Southern District Court of New York since May 2013.” Most appeared to be victims of HYIPs and other scams. And only one Liberty Reserve exchanger contacted the court about a potential claim—and that claim was not pursued.

A few months after M-Gold.com was seized, QuadrigaCX launched in beta. The rest is history—or history in the making—depending how you look at it. 

Did you like this story? Please support my work on Patreon, so I can keep on doing it.