Tether and sanctions: what’s coming for Paolo’s beautiful launderette

  • By Amy Castor and David Gerard

Tether has long played financial shell games to keep its dollar stablecoin USDT up and running. It’s also been happy to ignore money laundering laws for most of its existence.

But we think Tether’s day of reckoning is on the horizon due to USDT’s latest use case: sanctions evasion.

How sanctions work

The international financial sanctions system, led by the US and Europe, aims to cut off cash flows to serious bad actors — terrorists, enemy countries, major criminals, and so on.

As Congressman Juan Vargas told Mark Zuckerberg of Facebook in the Libra hearings: “The dollar is very important to us as a tool of American power and also a tool of American values. So we would much prefer to put sanctions on a country than send our soldiers there.”

The US regards the power of the dollar and the sanctions system as part of the national defense. Sanctions are taken very seriously.

The Office of Foreign Assets Control at the US Treasury keeps a list of sanctioned individuals, countries, and companies. [OFAC]

Doing business with an OFAC-sanctioned entity is a strict liability offense that can result in massive fines. That hasn’t stopped Tether.

Use case for Tether: North Korea, Hamas, Russia

Tether’s sanction violations started hitting the papers two years ago. 

In August 2022, the US sanctioned Tornado Cash — the favorite crypto mixer of North Korea’s Lazarus Group for laundering stolen ETH to help the country get hard currency. OFAC posted a list of sanctioned Ethereum blockchain addresses for the Tornado Cash smart contract.

Tether flat-out ignored the sanctions. The company posted that it “does not operate in the United States or onboard U.S. persons as customers,” so is not obliged to comply with US sanctions. [Tether, archive]

(This theory doesn’t quite hold, as we detail later.)

The Palestinian Islamic Jihad received $93 million in crypto between August 2021 and June 2023, according to Elliptic. Wallets connected to Hamas received $41 million over a similar period, almost all in USDT, according to Israeli blockchain firm Bitok. [WSJ, archive]

Chainalysis found that stablecoins like Tether were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023. [Wired, archive; Chainalysis]

TRM Labs concurred, saying that Tether was the most used stablecoin in illicit crypto flows in 2023. Tether on the Tron blockchain in particular had “cemented its position as the currency of choice for use by terrorist financing entities.” [TRM; Bloomberg, archive]

In April 2024, Reuters reported that PDVSA, Venezuela’s state-run oil company, was steering users to USDT and asking for half of each payment upfront in tethers to avoid having their money frozen in foreign bank accounts. US President Biden lifted sanctions in October — but said he would be reimposing them as Venezuelan President Nicolas Maduro had failed to uphold his commitment to free and fair elections. [Reuters, archive; CoinDesk]

Also in April, the Wall Street Journal reported that tethers had become “indispensable” to fund the Russian invasion of Ukraine. Russian middlemen used USDT to skirt US sanctions and procure parts for drones and other equipment. [WSJ, archive]

Bloomberg reported that the US and the UK were investigating $20 billion in tethers that passed through Garantax, a Russian-based crypto exchange that both the US and the UK have sanctioned. [Bloomberg, archive]

Russians were using tethers to skirt sanctions quite soon after the invasion of Ukraine in February 2022. You would buy tethers in Russia with rubles and sell them in London for pounds. [CoinDesk]

The Counter ISIS Finance Group is a group of countries aiming to cut off funding to the Islamic State of Iraq and Syria. Most of ISIS’s funding is in cash — but the US Treasury fact sheet on the CIFG’s January 2024 meeting has a whole section on their fondness for tethers, particularly in Western Africa. [Press release; fact sheet, PDF]

Liberty Reserve

Liberty Reserve was a digital currency service run out of Costa Rica, active from 2006 to 2013. It issued dollar-backed liabilities called “LR.” These were just entries in a ledger at Liberty Reserve — everything was centralized. But otherwise, LR worked very like a stablecoin.

Customers purchased LR through middlemen — such as Gerry Cotten and Michael Patryn, who ran Midas Gold before starting the now-collapsed Quadriga crypto exchange. These “exchangers” bought LR in bulk directly from Liberty Reserve and sold them to secondary users. This helped obscure the money trails.

LR and its ilk ushered in a new era of cyber money laundering. Gone were the days of crossing borders with suitcases full of cash. You could simply set up an LR account and send dollar equivalents digitally!

Liberty Reserve was a bustling laundromat for seven years — until the DOJ seized its website and arrested its merry band of founders in Spain and New York. The US charged them under the Patriot Act with money laundering and running an unlicensed money transmitter. Liberty Reserve’s founder, Arthur Budovsky, is currently serving a twenty-year sentence. [DoJ; DoJ]

Liberty Reserve Junior

Tether is Liberty Reserve but on the blockchain.

Tether has large clients who purchase USDT in bulk — or maybe borrow it, the tethers being created out of thin air with the loan being the “backing reserve.”

Secondary users buy the tethers on offshore crypto exchanges, such as Bitfinex, Binance, and Huobi.

Tether disclaims any responsibility for what these secondary users do with their tethers — even as Tether has complete control over all USDT and can freeze or destroy individual tethers at any time.

Tether is an improvement over Liberty Reserve because it runs on a blockchain — 15 different blockchains, in fact, with Tron being its main blockchain.

As well as DeFi shenanigans local to each chain, this also facilitates chain hopping — where you take a pile of tethers from multiple customers, mix them up, and move them to a new chain, making the funds harder to trace. 

Tether routinely creates hundreds of thousands of tethers at a time on one chain, so they can “swap” them from another chain. Sometimes they actually burn the old tethers on the original chain! [Tether]

While Liberty Reserve was mainly used by fraudsters, hackers, and traffickers, it never grew to the scale that Tether has — and it never became popular as a tool for sanctions evasion, not just crime. 

Why hasn’t Tether been shut down yet?

Shutting down Liberty Reserve was a huge job — it took a multi-year investigation spanning 17 countries. Tether is even more complex.

Tether is not very linked to the US. None of its principals are US citizens. The company is registered in the British Virgin Islands. The CEO, Paolo Ardoino, lives in El Salvador. Tether’s main bank is Deltec in the Bahamas. A major owner is based in Thailand. 

Tether has a long and sketchy history, back to its launch in 2015. They operated under the radar for years. By 2017, federal enforcement agencies were too busy tackling the ICO boom to take notice. So Tether grew unchecked.

In 2018, the New York Attorney General charged Tether and its crypto exchange sibling Bitfinex with fraud when they tried to cover up $850 million in missing reserves. The companies settled in February 2021 for $18.5 million, a small slap on the wrist. 

In the process of investigating Tether and Bitfinex, the NYAG accumulated quite a lot of dirt on the companies. You might think they would have passed this pile of evidence to the Feds with a bow on top — and they did try.

In his book Number Go Up, Zeke Faux writes how New York reached out to the SEC, the DOJ, and the CFTC about Tether in early 2021 — but the Feds just weren’t interested?! The CFTC did eventually act against Tether later in 2021.

It wasn’t until 2022 that the Feds finally started to pay attention — when they noticed Tether’s role in sanctions evasion.

A bigger hammer

Despite Tether’s claims to have no links to the US, the company has more than a little US exposure — they have substantial backing reserves held in the US in dollars, such as their Treasury notes at Cantor Fitzgerald. This makes them at least slightly subject to US law.

In any case, non-US entities who work around US sanctions risk being sanctioned themselves. This may be applied to individuals as well as companies. [OFAC, PDF]

An entity may be cut off from the US dollar system altogether — and from any entity elsewhere in the world that wants to keep its access to US dollars. This is a financial death penalty. It’s a big stick.

If Tether remains noncompliant, this could put their banking and reserve relations at risk. Having Tether as a client could become too risky even for Cantor. 

By 2023, Tether had wised up a bit. They froze 32 wallets that were linked to terrorism and warfare in Ukraine and Israel in October 2023. In December, Tether froze 41 wallets tied to sanctions as a “precautionary” measure. [Tether; Tether]

By this time, the Feds were keeping a close eye on Tether. 

Ardoino wrote public letters to US senators in November and December proclaiming Tether was now in “alignment” with OFAC, and they were fine with freezing secondary addresses. Also, Tether had “onboarded” the Secret Service onto their platform — though it’s not clear just what that meant — and they were working with the FBI and the DOJ. [Yahoo; Tether; Letter, PDF; Letter, PDF]

Seriously, stop it

While Tether was blocking addresses and trying to convince the world it was in full compliance, the US government was making its annoyance more explicit.

Treasury Secretary Wally Adeyemo gave a speech at the November 2023 Blockchain Association Summit. This was the earliest example we could find of the government using the words “national security” about cryptocurrency: [Treasury]

While some have heeded our calls and taken steps to prevent illicit activity, the lack of action by too many firms—both large and small—represents a clear and present risk to our national security.

Adeyemo doesn’t name Tether in the speech, but it’s clear who he’s talking about:

We cannot allow dollar-backed stable coin providers outside the United States to have the privilege of using our currency without the responsibility of putting in place procedures to prevent terrorists from abusing their platform.

He gave this speech just after the Binance settlement dropped.

Senators Elizabeth Warren (D-MA) and Roger Marshall (R-KS) sent a letter to the Treasury, the Department of Defense, and the White House in April 2024 saying that they were concerned about Russia, Iran, and North Korea using Tether to evade sanctions: [Letter, PDF; WSJ]

The national security threat posed by cryptocurrency requires a commensurate response by our country’s defense community. We seek information on the additional authorities you may need in order to neutralize this threat.

The US has decades-old laws in place for dealing with sanction violators. The Bank Secrecy Act, the Patriot Act, and the International Emergency Economic Powers Act give the US sweeping powers. 

The government is also working on new stablecoin regulations — and any effective regulation on US dollar stablecoins would likely be fatal to Tether. 

What happens next?

Binance already learned this lesson after supplying services to Iran. They had to settle fines of more than $4 billion for violating the BSA, money transmitter laws, and the IEEPA. Former Binance CEO Changpeng Zhao was sentenced to four months in prison. Binance is getting a monitor.

We expect something similar to happen to Tether — large fines, compliance requirements, and the possibility of jail time for Tether principals.

If the heat gets too much, Tether might try to unwind the entire fund and shut down. The tricky parts will be how to do this while keeping as much of the money as possible and how to realize and return the dollar value of what reserves actually exist in any tangible sense.

But most importantly, they have to not unduly upset any of the more demanding sort of Tether customer who knows where they live.


The DOJ’s criminal probe into Tether — What we know

Early this morning, Bloomberg reported that Tether executives are under a criminal investigation by the US Department of Justice.  

The DOJ doesn’t normally discuss ongoing investigations with the media. However, three unnamed sources leaked the info to Bloomberg. The investigation is focused on Tether misleading banks about the true nature of its business, the sources said.

The DoJ has been circling Tether and Bitfinex for years now. In November 2018, “three sources” — maybe even the same three sources — told Bloomberg the DOJ was looking into the companies for bitcoin price manipulation. 

Tether responded to the latest bit of news in typical fashion — with a blog post accusing Bloomberg of spreading FUD and trying to “generate clicks.” 

“This article follows a pattern of repackaging stale claims as ‘news,’” Tether said. “The continued efforts to discredit Tether will not change our determination to remain leaders in the community.”

But nowhere in its post did Tether deny the claims. 

Last night, before the news broke, bitcoin was pumping like crazy. The price climbed nearly 17%, topping $40,000. On Coinbase, the price of BTC/USD went up $4,000 in three minutes, a bit after 01:00 UTC. 

After a user placed a large number of buy orders for bitcoin perpetual futures denominated in tethers (USDT) on Binance — an unregulated exchange struggling with its own banking issues — the BTC/USDT perpetual contract hit a high of $48,168 at around 01:00 UTC on the exchange.

Bitcoin pumps are a good way to get everyone to ignore the impact of bad news and focus on number go up. “Hey, this isn’t so bad. Bitcoin is going up in price. I’m rich!”

So what is this DoJ investigation about? It is likely a follow-up to the New York attorney general’s probe into Tether — and its sister company crypto exchange Bitfinex — which started in 2018. 

Tether and Bitfinex, which operate under the same parent company iFinex, settled fraud charges with the NY AG for $18.5 million in February. They were also banned from doing any further business in New York.

“Bitfinex and Tether recklessly and unlawfully covered-up massive financial losses to keep their scheme going and protect their bottom lines,” the NY AG said.

The companies’ woes started with a loss of banking more than a year before the NY AG initiated its probe. 

Banking history

Tether and Bitfinex, both registered in the British Virgin Islands, were banking with four Taiwanese banks in 2017. Those banks used Wells Fargo as a correspondent bank to process US dollar wire transfers. 

In other words, the companies would deposit money in their Taiwanese banks, and those banks would send money through Wells Fargo out to the rest of the world. 

However, in March 2017, Wells Fargo abruptly cut off the Taiwanese banks, refusing to process any more transfers from Tether and Bitfinex. 

About a month later — I would guess, after Wells Fargo told them they were on thin ice — the Taiwanese banks gave Tether and Bitfinex the boot.  

Since then, Tether and Bitfinex have had to rely increasingly on shadow banks — such as Crypto Capital, a payment processor in Panama — to shuffle funds around the globe for them. 

They also started furiously printing tethers. In early 2017, there were only 10 million tethers in circulation. Today, there are 62 billion tethers in circulation with a big question as to how much actual cash is behind those tethers.  

Crypto Capital

Partnering with Crypto Capital turned out to be an epic fail for Bitfinex and Tether.

The payment processor was operated by principals Ivan Manuel Molina Lee and Oz Yosef with the help of Arizona businessman Reggie Fowler and Israeli woman Ravid Yosef — Oz’s sister, who was living in Los Angeles at the time.

In April 2019, Fowler and Ravid were indicted in the US for allegedly lying to banks to set up accounts on behalf of Crypto Capital. Fowler is currently awaiting trial, and Ravid Yosef is still at large. 

Starting in early 2018, the pair set up dozens of bank accounts as part of a shadow banking network for Crypto Capital. Some of those banks — Bank of America, Wells Fargo, HSBC, and JP Morgan Chase — were either based in the US, or in the case of HSBC, had branches in the US, and therefore, fell under the DOJ’s jurisdiction. 

In total, Fowler’s bank accounts held some $371 million and were at the center of his failed plea negotiation in January 2020. Those accounts, along with more frozen Crypto Capital accounts in Poland, meant that Tether and Bitfinex had lost access to some $850 million in funds in 2018.

Things spiraled downhill from there. Molina Lee was arrested by Polish authorities in October 2019. He was accused of being part of an international drug cartel and laundering funds through Bitfinex. And Oz Yosef was indicted by US authorities around the same time for bank fraud charges.

Tether stops printing

At the beginning of 2020, there were only 4.5 billion tethers in circulation. All through the year and into the next, Tether kept issuing tethers at greater and greater rates. Then, at the end of May 2021, it stopped — and nobody is quite sure of why. Pressure from authorities? A cease and desist order? 

Usually, cease and desist orders are made public. And it is hard to imagine that there would be an order that has been kept non-public since May.

One could argue, you don’t want to keep printing dubiously backed stablecoins when you’re under a criminal investigation by the DOJ. But as I’ve explained in prior posts, other factors could also be at play. 

For instance, since Binance, one of Tether’s biggest customers, is having its own banking problems, it may be difficult for Binance users to wire funds to the exchange. And since Binance uses USDT in place of dollars, there’s no need for it to acquire an additional stash of tethers at this time.

Also, other stablecoins, like USDC and BUSD, have been stepping in to fill in the gap.

The DOJ and Tether

You can be sure that any info pulled up by the NY AG in its investigation of Tether and Bitfinex has been passed along to the DoJ and the Commodities and Futures Trading Commission — who, by the way, subpoenaed Tether in late 2017. 

Coincidentally — or not — bitcoin saw a price pump at that time, too. It went from around $14,000 on Dec. 5, 2017, the day before the subpoena was issued, to nearly $18,000 on Dec. 6, 2017 — another attempt to show that the bad news barely had any impact on the bitcoin price. 

Tether relies on confidence in the markets. As long as people believe that Tether is fully backed, or that Tether and Bitfinex probes won’t impact the price of bitcoin, the game can continue. But if too many people start dumping bitcoin in a panic and rushing toward the fiat exits, the truth — that there isn’t enough cash left in the system to support a tsunami of withdrawals — will be revealed, and that would be especially bad news for Tether execs. 

Will Tether’s operators be charged with criminal actions any time soon? And which execs is the DoJ even investigating? The original operators of Bitfinex and Tether — aka “the triad” — are Chief Strategy Officer Phil Potter, CEO Jan Ludovicus van der Velde and CFO Giancarlo Devasini.

Phil Potter supposedly pulled away from the operation in mid-2018. And nobody has heard from van der Velde or Devasini in a long, long time. Now, the two main spokespersons for the companies are General Counsel Stuart Hoegner and CTO Paolo Ardoino, who give lots of interviews defending Tether and accusing salty nocoiners like me of FUD.  

Tracking down bad actors takes a lot of coordination. Recall that the DoJ had to work with authorities in 17 different countries to finally arrest the operators of Liberty Reserve, a Costa Rica-based centralized digital currency service that was used for money laundering. Similar to Liberty Reserve, Tether is a global operation and all of the front persons associated with Tether — except for Potter who lives in New York — currently reside outside of the US. 

It may still take a long while to completely shut down Tether and give it the Liberty Reserve treatment. But if the DoJ files criminal charges against Tether execs, that is at least a step in the right direction.


TalkGold—the Ponzi forum where Quadriga’s Patryn and Cotten first met

Previously, I wrote that QuadrigaCX cofounders Michael Patryn and the now-deceased Gerald Cotten worked together for a period at Midas Gold, a Liberty Reserve exchanger that ran from 2008 until May 2013, when it was pulled offline. Now it appears that their connections stretch back even further.

According to data gathered by Reddit user QCXINT, the two business partners were active on TalkGold, a popular forum for pushing high-yield investment programs, aka Ponzi schemes, as early as 2003. Likely, that is where they first met. Evidence also suggests the two were active on BlackHatWorld, a site for discussing dubious marketing strategies for websites. Cotten also appears to have been a Ponzi operator himself. 

This is a long post, so here is a quick summary of what’s ahead:

  • Cotten began promoting Ponzi schemes in his teens.
  • He was posting on TalkGold under the username “Sceptre.” 
  • Michael Patryn, aka Omar Dhanani, posted on TalkGold as “Patryn.”
  • “Patryn” and “Sceptre” joined TalkGold in 2003, within months of each other.
  • Michael Patryn also posted as “Patryn” on MoneyMakerGroup and BlackHatWorld.
  • “Sceptre” first appeared on BlackHatWorld in 2012, but changed his profile name to “Murdoch1337.” 
  • “Sceptre” posted as “Lucky-Invest” on TalkGold to promote a Ponzi.

What is a high-yield investment program?

HYIP schemes typically promise ridiculously high rates of returns, but behind the scenes, no real investment is taking place. The operator simply uses money from new investors to pay off earlier ones, all the while skimming funds off the top for himself. When the supply of new investors runs dry, the scheme collapses. All Ponzi schemes collapse at some point.   

Flimflam man Charles Ponzi, 1920.

Ponzi schemes are nothing new. The name stems from Charles Ponzi, an Italian immigrant who defrauded tens of thousands of Bostonians out of $18 million in 1920. Ponzi went to jail, and when he got out, the U.S. promptly deported him to Italy. New York financier Bernie Madoff ran a $65 billion Ponzi, the largest in history. His Ponzi fell apart during the financial crisis when too many customers started trying to pull their money out. Madoff was convicted in 2008.

In the early 2000s, the internet and the advent of early centralized digital currencies, like E-gold and Liberty Reserve, saw a new wave of Ponzi schemes. Operators anonymously set up their storefronts online and used e-currencies to obscure the source and flow of funds.

HYIP operators typically rely on social media and referrals to create hype and make their offerings appear legitimate. Despite the red flags, many people invest in HYIPs, thinking that if they get in early enough, they can make a buck.  

An entire subculture has proliferated around HYIPs. There are sites that track and monitor HYIPs, and forums where people go to promote and learn more about HYIPs. There’s even an HYIP subreddit.

When an HYIP scheme collapses, the collapse is generally blamed on a hack, a theft, or a bad investment—some type of external event that is plausibly at arm’s length from the operator. When that happens, the HYIP operator begins issuing “refunds”—in good faith, of course.

Some HYIP operators even go to the effort of setting up long-winded spreadsheets and paying back dribs and drabs over months. Naturally, the first people to get paid back are generally insiders or the operators themselves—under different names—who then proclaim what a great guy the operator is, and how decent it is of him to spend all of his time and effort refunding everyone.

The U.S. Financial Industry Regulatory Authority (FINRA), the regulatory body charged with governing business between brokers, dealers and the investing public, writes that “virtually every HYIP we have seen bears hallmarks of fraud.”

TalkGold and MoneyMakerGroup

Starting in January 2003, TalkGold and sister site MoneyMakerGroup were two hugely popular internet forums for launching and promoting HYIPs. The sites were pulled offline on August 21, 2017, a day after the Department of Justice filed an asset forfeiture complaint against the Krassenstein brothers, Edward and Brian, who ran the sites. Homeland Security raided the twins’ Florida homes a month later.

According to BehindMLM, the DoJ docs read:

“Since at least 2003, Brian and Edward Krassenstein … have owned and operated websites devoted to the promotion of fraudulent HYIPs. In particular, the Krassenstein run sites ‘talkgold.com’ and ‘moneymakergroup.com’ are discussion forums in which HYIP operators advertise and promote their fraud schemes to potential victims.”

Patryn on TalkGold

Michael Patryn, formerly Omar Dhanani, was arrested in October 2004 on charges related to his involvement with Shadowcrew, a cybercrime message board. Operating under the pseudonym “Voleur,” French for thief, he offered Shadowcrew members an e-money laundering service—wire him cash, and he would fund your E-gold account, helping to obscure your financial trail. 

After the Shadowcrew bust, TalkGold users began to speculate that “Patryn,” a prolific poster on TalkGold, was, in fact, Dhanani—and there is good reason to suspect that he was.

“Patryn” joined TalkGold on April 3, 2003. His profile linked directly to VFS Network, a network for several digital currency exchangers, including three that Patryn himself operated: Midas Gold, HD Money, and Triple Exchange. VFS Network (stands for Voleur Financial Services) was also his business. 

“Patryn” also openly admits on TalkGold that he operates Midas Gold. The business registration for Midas Gold also lists “Omar Patryn” (one of Patryn’s known aliases) as its sole director. 

Further, Patryn appears to have used the profile name “Patryn” on MoneyMakerGroup, with the same link to VFS Network. He joined MoneyMakerGroup on November 27, 2007, six months after he got out of a U.S. federal prison, where he served 18 months related to his earlier Shadowcrew arrest.

Sceptre on TalkGold

Cotten was likely “Sceptre” on TalkGold. Sceptre joined TalkGold on July 4, 2003, three months after “Patryn” joined. Cotten would have been 15 or 16 at the time.

TalkGold members were able to list “friends” on the site. A May 2013 profile page for Patryn shows that he had six friends—one of whom is Sceptre. Similarly, a May 2013 profile page for Sceptre shows he had one friend—“Patryn.”  

The two also interacted. Many of Sceptre’s TalkGold posts appear alongside Patryn’s in the same thread, either promoting or defending VFS Network, Midas Gold, or one of the other exchanges that Patryn operated. (There is also evidence to suggest that Cotten, not Patryn, was the main operator for Midas Gold.)  

On December 7, 2009, when a user on TalkGold complains that he is having issues with Midas Gold, Sceptre replies: “I’ve never had any problems with M-Gold. They are usually very efficient.” Patryn follows on the same thread with, “M-Gold does not work during weekends. What is your order reference number? I will have it taken care of ASAP.”

On September 29, 2012, “Patryn” responds to someone complaining about Midas Gold keeping their money. (This was not unusual, by the way. There were many complaints about Midas Gold withholding customer funds. See here, here and here.)

“Patryn” writes:

“To the best of my knowledge, both of us have been responding to your emails. You sent me five emails yesterday demanding that I hurry up and resolve this issue. Your issue will be resolved ASAP. Unfortunately, I cannot force the banks to speed up their investigation process.”

In the same thread, Sceptre replies to “Patryn,” almost mocking the customer.

“lol, I’m surprised you’re willing to help him. You offer your dispute resolution for free, and he thanks you by spamming your inbox and complaining that you don’t reply while you’re sleeping.”

In September 2012, a poster asks, “I am looking for a LR Exchanger into HD-Money.” (Basically, the poster wants to convert one digital currency, Liberty Reserve, into another, HD-Money, without having to go through fiat). Sceptre replies, “For this type of trade I would use ecashworldcard.” Patryn follows by posting a link to his HD-Money site, which lists Ecash World Card as an offering.

Cotten and Patryn on BlackHatWorld

BlackHatWorld is a forum where people go to discuss “black hat” marketing tactics. Paid shilling (paying someone to promote your product on social media), negative SEO attacks (improving your SEO ranking by destroying your competitor’s) and gaming a search engine’s algorithm are all topics of discussion on this forum.

These tactics are generally used by websites that only plan to stick around long enough to make a quick financial gain, which is exactly what HYIPs aim to do.

Someone going by “Patryn” was also active on BlackHatWorld. This person joined on September 6, 2012, and was last active on September 7, 2017. He only posted nine messages.

Another poster on BlackHatWorld, “Murdoch1337,” was much more active. He joined on February 12, 2012, and his last activity was January 8, 2017. This person appears to have previously been posting as Sceptre, and we believe this was Cotten.

(QCXINT also tells me that one of Cotten’s email accounts—g@mailhoose.com, which was tied to a number of Cotten’s domain registrations—has or had an active account on BlackHatWorld, but the method he used was too technical for me to confirm independently.)

Murdoch1337 appears as the original poster in a thread titled “Sceptre’s Spectacular Content Services!!! – $1.50 per 100 words” — an indication that Sceptre likely switched his profile name to Murdoch1337 sometime after he started the thread. He responds to other posters in the thread as if he is the one offering the content services. “That’s all the review copies for now,” he writes. “For everyone else, feel free to place your orders using the order info in my original post.”

On September 10, 2013, Murdoch1337 posts an ad for a developer to help him with an upcoming cryptocurrency exchange. In the ad, he writes:

“I am looking for a programmer who is familiar with Bitcoin to develop a website that is very similar to Bitstamp…Also, I’m looking to get this project built and online quickly, so if you are able to do it quickly, that is a bonus.”

This ad was posted three months before Quadriga launched in beta. The timing makes sense given that Quadriga was based on WLOX, an open-source exchange solution available on Github, which would have dramatically reduced the time it took to create a functioning crypto exchange. Alex Hanin built the Quadriga platform, though it is not clear if Cotten actually recruited Hanin via this ad on BlackHatWorld.

An almost identical ad with the title “Bitstamp clone – Bitcoin trading project” was posted on Freelancer.com. The job poster, who was anonymous, had 38 projects on the site. He left a few telling details behind on one of the projects:

Hi

I’m looking for programmers who are knowledgeable when it comes to Bitcoin and I found you.

I have a number of projects that need work, including a new Bitcoin exchange. Are you able to build sites like this? If so, I’d like to get in touch.

Thanks

Gerry

Skype: gerrywc

email: sceptre@countermail.com.

S&S Investments and Lucky Invest

One of Sceptre’s HYIPs was S&S Investments, a website that opened for business on January 1, 2004. (“Copyright @2004 Sceptre” is written at the bottom of the page.) He promotes the scheme as a way to double your money:

“You invest a sum of money into the program and within 48 hours (usually within 18) you will receive a return of anything from 103% to 150%, possibly more.”


He is sure to point out that this is “not what is called a ponzi or pyramid scheme.” It offers returns that are far better!  

In case the first offer sounded a little too far-fetched, he changes the text later to something only slightly more believable. S&S now becomes a “fixed-term investment,” which pays 115% in a week … “you can invest and walk away in profit after just 7 days!”


Of course, S&S ultimately collapses, and discussion around it gets moved to the “Closed / Scammed Programs” section of TalkGold, where Sceptre continues to string along anxious investors, who continue to hold out hope for a “refund.” He writes:

“Refunds WILL take some time. I cannot guarantee that they will all be made quickly. The refund process is likely to spread over a long period of time, but I am willing to do my best to refund everyone to the best of my ability. Please be patient and you will receive a lovely surprise in your e-gold, a refund from S&S Investments,” Sceptre writes.

One TalkGold user reviewed what he considered to be the 12 biggest HYIP “scams” on TalkGold. This is what he wrote about S&S Investments:

“S&S Investments is an interesting program because it was operated by a ‘well known’ person in the HYIP arena. I use the quote marks, because this person was not well known at all, in fact he was very anonymous. No one knew his name, other than his nickname he used to post with, Sceptre. He used anonymous proxies, he was very well hidden. Yet because he had over 1000 posts on TalkGold, he earned a kind of pseudo-trust that people get from being very visible and always online.

Sceptre started off with a small little program that promised to pay back a large amount after a few days. It soon grew to become very, very popular, and it was not long before he upgraded to a fully automated script.

Sceptre wouldn’t tell people how he made the money, he just said that was his little secret. Virtually everyone invested into S&S Investments based on his post count on TalkGold. “He’s made a lot of posts on TalkGold, therefore he must be honest” seemed to be the general opinion of the investors.

S&S Investments went for some time before cracks started to appear. First the website went offline, then was back again, but withdrawals weren’t being honoured, then the site went offline again. Finally, Sceptre made an announcement that S&S Investments were closed and refunds were promised.

For a while, refunds did proceed, but then things started to dry up. Since the summer, no more refunds have been processed.

Hey, just because someone has thousands of posts on a forum, doesn’t mean he’s a trustworthy guy. Use your head, look at what the whole program is offering.”

In May 2004, Sceptre appears to switch to another TalkGold profile, “Lucky-Invest,” to promote a Lucky Invest HYIP. 

At one point in a thread, he apparently forgets to log out of Lucky-Invest and continues responding as if he were Sceptre, until another poster calls him out:

“You forgot to sign in as ‘sceptre’. ohhhhhhhhhhhhhh . .. looks like Lucky-Invest changed their message!!! . . . too funny!!! . .. did you get caught Sceptre??? hahaha ;)”

Sceptre/Lucky-Invest replies:

“I’m not trying to hide. Lucky Invest, the Newest Investment/Game. My profits go to help pay refunds. THIS IS A GAME, IT WILL NOT HAVE ANY REFUNDS.”

This is a straight-out admission that Lucky Invest was not an actual investment. It was a “game.” In other words, a fraud. Essentially, Sceptre/Lucky-Invest/Gerald Cotten is saying: When you give me your money, it is mine. There are no refunds in this game, just me sharing my profits.

Knowing that Cotten and Patryn did business together on TalkGold does not tell us where the CA$250 million worth of crypto and fiat that went missing on Quadriga went. (Only a fraction of those funds have been recovered so far.) But it does bring up questions. Was Cotten really just a starry-eyed Bitcoin libertarian? Or was he a seasoned con artist who had no qualms about taking other people’s money?


Quadriga: Patryn, Cotten and Midas Gold—a Liberty Reserve exchanger

The now-defunct Canadian crypto exchange QuadrigaCX was founded in November 2013. Where did its co-founders, Michael Patryn and the now-supposedly-deceased Gerald Cotten, first meet? Did they exchange pleasantries in the Vancouver Bitcoin community earlier that year? Did they meet online in some bitcoin chat forum? Or did they have other prior business dealings even further back?

New evidence uncovered by Reddit user QCXINT suggests that Cotten appears to have been involved with Patryn at Midas Gold, a Liberty Reserve exchanger, set up by Patryn in 2008.

Patryn and Midas Gold

Formerly Omar Dhanani, Patryn is a convicted felon who was arrested in connection with online identity theft ring Shadowcrew.com in October 2004. He was 20 at the time. Working out of his parents’ home in Southern California, he was a moderator on the forum. He also offered forum members an electronic money laundering service. Send him a Western Union money order and—for a fee of 10% of a transaction—he would filter your money through E-gold accounts. E-gold was an early centralized digital currency. Dhanani served 18 months in a US prison and was released in 2007.

After the US deported him to Canada, Patryn picked up where he left off. In April 2008, he founded Midas Gold Exchange. He was listed as the company’s sole director under “Omar Patryn,” with a company address in Calgary—though he was living in Montreal at the time. A few months earlier, the digital currency exchange service launched on M-Gold.com. (Here is an archive of the site taken in its early days, and here is an archive showing an updated design taken just before things took a dive).

The earliest entry on the website, dated January 5, 2008, reads:

“We have finally launched this website, and are requesting that clients place all future orders through the Contact Us page. We have, of course, been in business since 2005 and hope to continue providing you with the same great service throughout the new year. Thank you once again for your business, and have a happy New Year!”

There are no names of actual people anywhere on the site. But an October 17, 2009, entry gives the impression that a whirl of activity is going on behind the scenes.

“We apologize for the delays experienced for many clients during the course of this week. We are currently undergoing a massive corporate restructuring. During this time, some exchange directions are temporarily disabled. All pending orders should be processed within one business day.”

Digital currencies listed on the site included E-Gold, HD-Money, WebMoney, WMZ E-Currency and AlterGold E-Currency. Midas Gold even started accepting bitcoin in June 2011, but Liberty Reserve was by far its main money maker.

How Liberty Reserve worked

A Costa Rica-based centralized digital currency service, Liberty Reserve was like PayPal for criminals. You could use it to anonymously transfer the system’s digital currency LR, worth $1 apiece, to anyone who had an account on the system. The system served millions of users around the world before May 2013, when it was shut down by the U.S. government.

To set up an account on libertyreserve.com, all you needed was a valid email address. You could make up whatever fake name you wanted because the site had virtually no KYC/AML to validate identities. You could, literally, use the service to send huge amounts of money around the world without anyone batting an eyebrow. 

There was one caveat. You could not fund your Liberty Reserve account directly. If you wanted to buy LR, you had to go through a third-party exchanger, such as M-Gold. Conversely, if you wanted to redeem your LR for cash, you also had to go through an exchanger. 

LR exchangers would buy LR in bulk and sell them in smaller quantities, typically charging a 5% transaction fee. This setup allowed Liberty Reserve to avoid collecting banking information on its users, which could leave a financial trail—exactly what criminals want to avoid when choosing a digital currency. 

Founded by Arthur Budovsky and Vladimir Kats, Liberty Reserve went into operation in 2005. Eight years later, the system had more than 5.5 million users worldwide and processed more than $8 billion. Most of that volume came from the U.S.

From 2009 to 2013, Liberty Reserve was in full swing. These were the sunshine days of its criminal activity. A huge number of transactions were related to high-yield investment programs—better known as Ponzi schemes—credit card trafficking, stolen ID information and computer hacking.

Cotten’s email

A data dump—in one of the USA v. Kats et al. court exhibits (see attachment #180 for GX 1305) related to the takedown of Liberty Reserve—shows that Midas Gold ranked 342 of the top 500 Liberty Reserve accounts in volume.

The name on the Midas Gold account is Omar Patryn, but the email address linked to it is geraldcotten@gmail.com. What does this mean? It means whoever owned that email had the authority to operate the Midas Gold account for Liberty Reserve. They could reset the password, enable or disable 2FA, and authorize transactions. 

The data indicates Midas Gold bought up more than $5 million worth of LR. At 5% of a transaction, that equates to profits of around $250,000—not a lot, but decent wages.

Rank: 342, Category: Exchanger, Associated website: http://www.m-gold.com, All currencies: $5,221,489.02, LR: $5,081,353.88, Account name: Midas Gold Exchange, First name: Omar, Last name: Patryn, Email: geraldcotten@gmail.com

The email suggests that Cotten and Patryn may have worked at M-Gold.com together—though it’s not clear if Cotten was involved from the beginning or joined later. If anything, this could even suggest that Cotten had more control over Midas than Patryn.

Let’s pause for a moment. If you were going to be involved in a dodgy business, why would you use an email address that pointed directly to you? That seems like a dumb thing to do, but then Cotten was still a young con at this stage. Maybe this was a rookie mistake. Also, is this really Cotten’s email? Quite likely, yes.

We think this is his email because he appears to have used the same email address for several domain registrations, including cloakedninja.com, where you could buy proxy sites to hide your IP address, and celebritydaily.net, an entertainment news blog. A historical WHOIS data snapshot of these sites reveals they both have a registration address of 346-1881 Steeles Ave W Toronto. Quadriga Fintech Solutions, the owner and operator of QuadrigaCX, is linked to the same address.


Patryn’s Liberty Reserve account

In addition to the Midas Gold account, Patryn had his own account on Liberty Reserve, but his account had no associated website. He appears to have had at least three other exchangers at the time—HD Money, E-cash World and Triple Exchange. It’s possible he was selling LR through those sites as well as Midas Gold, and was just using the one account. Or else, Cotten could have operated Midas alone, while Patryn handled the other businesses.

Approximately $18.4 million worth of LR went through Patryn’s Liberty Reserve account. Of Liberty Reserve’s 500 largest accounts by volume, his ranked 88. If he took a 5% cut of every transaction, he would have pulled in $920,000.

Rank: 88, Category: Exchanger, Associated website: [field empty], All currencies: $18,653,708.71, LR: $18,416,444.50, Account type: Currency, First Name: Omar, Last Name: Patryn, email: admin@patryn.com
A passage from the court filing explains:

“Data obtained from Liberty Reserve’s servers reflects the extensive use of the company’s payment system by criminal websites. The Government analyzed the top 500 accounts by transaction volume, i.e. funds sent and received, to attempt to determine the type of activity associated with each account. The total transaction volume for these accounts is approximately $7.26 billion, or approximately 43% of the total volume of transactions on Liberty Reserve’s entire system.”

Also according to the analysis, of the top roughly 500 accounts, 44% were associated with exchangers, 18% could not be categorized, and the remaining 38% were categorized as follows:

“157 of the accounts, accounting for approximately $2.6 billion in transactions, were associated with some form of purported ‘investment’ opportunity. The vast majority of these accounts were linked to websites that, on their face, were clearly ponzi schemes, i.e., HYIPs. Others, at best, were associated with unregulated ‘forex’ (foreign currency trading) websites—which are likewise known to be prominent sources of fraud.”

The demise of Liberty Reserve

Good things never seem to last, and in May 2013, Budovsky was arrested in Spain for running a massive money laundering enterprise. Kats was arrested in Brooklyn, and the domain libertyreserve.com was seized.

Shortly afterward, US authorities seized more than 30 domains registered as Liberty Reserve exchangers in a civil forfeiture case, including M-Gold.com. According to court docs: “The defendant domain names were used to fund Liberty Reserve’s operations; without them, there would not have been money for Liberty Reserve to launder.” 

Following the shutdown of Liberty Reserve, users were told to contact the court to recoup their lost funds—on the basis they were conducting legitimate business. According to court docs filed in April 2016: “Notwithstanding that Liberty Reserve had more than 5 million registered user accounts, only approximately 50 individuals have contacted the Southern District Court of New York since May 2013.” Most appeared to be victims of HYIPs and other scams. And only one Liberty Reserve exchanger contacted the court about a potential claim—and that claim was not pursued.

A few months after M-Gold.com was seized, QuadrigaCX launched in beta. The rest is history—or history in the making—depending on how you look at it.
