In brief
- A manager of a Russian group linked to election manipulation has been charged with wire fraud conspiracy.
- US authorities allege that he opened up accounts at crypto exchanges using fraudulent identities.
- A blockchain analytics firm followed the money.
US federal authorities have put out an arrest warrant for a Russian national they allege conspired to interfere in US elections and stole identities of US citizens to open fraudulent accounts at cryptocurrency exchanges through which he, along with accomplices, funneled almost $1 million.
The complaint, filed in the Eastern District of Virginia court yesterday, alleges that Artem Lifshits, 27, of St. Petersburg, Russia, is a manager of “Project Lakhta,” an operation geared toward meddling with the US election and engineering distrust in the nation’s political system.
"According to the complaint, the subject engaged in a wire fraud conspiracy to further Russian foreign influence efforts and to enrich himself and others," said Alan E. Kohler, Jr., FBI Assistant Director of the Counterintelligence Division, in a statement released by the US Department of Justice yesterday.
Lifshits, Russian nationals Anton Andreyev and Darya Aslanov, and Andrii Derkach, a member of Ukraine’s parliament and a suspected Russian spy, have all received sanctions.
The money, much of it in cryptocurrency, was used to “promote Project Lakhta’s influence operations and for personal enrichment,” according to the DOJ’s press release. They likely used cryptocurrency due to its privacy features and because it is far less regulated than traditional finance. They stole identities of US citizens to gain access to major crypto exchanges, which these days have identity checks.
Elliptic, a blockchain analytics firm, traced the cryptocurrency used to bankroll the operation. Analyzing the addresses listed on the US Treasury’s website, it found that almost $1 million passed through them between May 2017 and January 2017.
Transactions ended “soon after the midterm elections of November 2018,” said Dr. Tom Robinson, Elliptic’s co-founder and chief scientist, in a blog post.
Elliptic’s investigators found that, of the 23 crypto addresses listed by OFAC, $624,118 (64%) of the funds were held in Bitcoin; $260,354 (26.8%) in Ether; $80,281 (8.3%) in the privacy coin, Zcash; and $2,464 (0.3%) in Bitcoin SV.
Money bounced around several different exchanges, among them Gemini, Bitfinex, Poloniex and Binance.
Elliptic said that the conspirators could be doing something called “chain-hopping,” whereby criminals move funds between lots of exchanges. This makes it difficult to trace funds, but more importantly, it makes it a nightmare for authorities to ask exchanges to freeze funds.
Elliptic wrote that “In fact, one or more accounts at a single, well-known exchange received over 96% of the USD 1 million in crypto involved,” but that it would “not disclose the exchanges involved due to confidentiality reasons.”
Analysis by Rich Sanders, CEO of blockchain forensics firm CipherBlade, provided to Decrypt, suggests that the majority of the funds went to Poloniex. "There's a market, definitely on the dark web and even in some Telegram groups, for KYC'd exchange accounts," he told Decrypt. The money was transferred before Poloniex barred US citizens. "Their KYC was best described as underwhelming prior, let alone ongoing prevention measures," he said.
Editor's note: This article was updated with commentary and analysis from Rich Sanders, CEO of CipherBlade.