Liquor Entrepreneur Arrested For Defrauding Investors (DOJ Release)SEC Charges Tequila Company Founder with Misappropriating Investor Funds (SEC Release)
Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe / Indictment Expands 2018 Case that Detailed Attack on Sony Pictures and Creation of WannaCry Ransomware by Adding Two New Defendants and Recent Global Schemes to Steal Money and Cryptocurrency from Banks and Businesses while Operating in North Korea, China (DOJ Release)Attorney General James Sues to Shut Down Illegal Cryptocurrency Trading Platform and Virtual Currency, Seeks to Recoup Defrauded Funds for Thousands of Investors / Coinseed Willfully Ignored Numerous Securities and Commodities Registration Laws / Unregistered Trading Platform Put Thousands of Investors' Money at Risk (NYAG Release)SEC Charges Digital Asset Trading Platform and Its CEO with Registration Violations (SEC Release)
From 2014 to 2018, CIMINO raised approximately $935,000 from at least 25 investors ostensibly to fund a tequila company that he founded (the "Tequila Company"). Throughout this period CIMINO made numerous false and misleading representations in an effort to attract and maintain investors. For example, in multiple communications with prospective investors, CIMINO falsely inflated the amount of capital that the Tequila Company had raised from other investors, and falsely represented that certain individuals were investors in the Tequila Company, when in reality they had not invested any funds. CIMINO also fabricated or falsely inflated the Tequila Company's sales in a number of investor communications. In December 2015, CIMINO made statements in an email to a prospective investor falsely implying that the Tequila Company already had sales, when in fact, the company's initial sales did not occur until 2017. In July 2017, CIMINO falsely represented in an investor report and quarterly profit and loss ("P&L") statement that the Tequila Company's year-to-date sales totaled 3,410 cases, when its actual sales totaled only 350 cases. Then, in October 2017, CIMINO falsely represented that the Tequila Company's year-to-date sales totaled 6,035 cases, when its actual year-to-date sales totaled barely 20 percent of that number. CIMINO further claimed to investors in October 2017 that the Tequila Company would receive reimbursement for 800 cases of tequila that were supposedly destroyed at a distributor's warehouse in Puerto Rico as a result of Hurricane Maria. That statement was a fabrication. In reality, the Tequila Company had no insurance and none of its inventory had been destroyed in the hurricane.In addition to deceiving investors about the Tequila's Company's financial condition, CIMINO used investor money for personal expenses, including groceries, pet supplies, and personal entertainment. From 2014 to 2018, CIMINO transferred approximately $472,000 of investor money from the Tequila Company into his personal bank account, and used a significant portion of those deposits for personal living expenses, contrary to the operating agreements provided to investors.
[F]rom approximately December 2014 through September 2017, Cimino raised approximately $985,000 from investors through misrepresentations. As alleged, Cimino deceived certain investors by providing them with a list containing false investor names and dollar amounts of the fake investors' purported investments, creating the appearance that 6 Degree Tequila had raised more money than it actually had. The complaint further alleges that Cimino provided falsified financial statements and sales data to certain investors. In addition, as alleged, Cimino misappropriated a substantial portion of the funds raised from investors for his own personal use, including by transferring over $470,000 to his personal checking account. According to the complaint, Cimino used the stolen funds to pay his living expenses and other personal bills.
[F]rom at least 2017 through November 2020, GOODMAN defrauded at least 23 of his investor clients out of approximately $2,250,123. As part of his scheme to defraud, GOODMAN lied to prospective and existing clients about his use of their money, the security and profitability of the financial accounts he claimed to administer on their behalf, and the status and performance of their funds. During in-person sales pitches or through email messages and phone calls, GOODMAN provided clients with materially false and fraudulent information, including investment proposals and bogus online account information. GOODMAN also misrepresented to clients that their funds would be returned to them upon request, when, in fact, GOODMAN either kept all of the money or provided investors with refunded payments that were late, incomplete, or both, or that were refunds actually funded by other clients' money.According to his guilty plea and documents filed with the court, instead of placing his clients' money into safe and secure investment accounts, GOODMAN deposited client funds into bank accounts he controlled. GOODMAN misappropriated his clients' funds for his own use and benefit by, among other things, purchasing and remodeling his home in Maple Grove, using funds for the purchase and construction of a $1.69 million home in Plymouth, buying a 2019 Ford Expedition and a 2020 Ford Explorer, funneling approximately $700,000 toward his other business, MoneyVerbs, and paying for personal expenditures, including a hot tub, a cruise, fitness club memberships, jewelry, and credit card payments.As part of the plea agreement, GOODMAN will forfeit to the United States his right, title, and interest in any property, which constitutes or is derived from proceeds traceable to his mail fraud scheme, including real property in Maple Grove and Plymouth, Minnesota, vehicles, and his interest in his MoneyVerbs business.
The indictment alleges a broad array of criminal cyber activities undertaken by the conspiracy, in the United States and abroad, for revenge or financial gain. The schemes alleged include:
According to the allegations contained in the hacking indictment, which was filed on Dec. 8, 2020, in the U.S. District Court in Los Angeles and unsealed today, the three defendants were members of units of the RGB who were at times stationed by the North Korean government in other countries, including China and Russia. While these defendants were part of RGB units that have been referred to by cybersecurity researchers as Lazarus Group and APT38, the indictment alleges that these groups engaged in a single conspiracy to cause damage, steal data and money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim Jong Un.
- Cyberattacks on the Entertainment Industry: The destructive cyberattack on Sony Pictures Entertainment in November 2014 in retaliation for "The Interview," a movie that depicted a fictional assassination of the DPRK's leader; the December 2014 targeting of AMC Theatres, which was scheduled to show the film; and a 2015 intrusion into Mammoth Screen, which was producing a fictional series involving a British nuclear scientist taken prisoner in DPRK.
- Cyber-Enabled Heists from Banks: Attempts from 2015 through 2019 to steal more than $1.2 billion from banks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by hacking the banks' computer networks and sending fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT) messages.
- Cyber-Enabled ATM Cash-Out Thefts: Thefts through ATM cash-out schemes - referred to by the U.S. government as "FASTCash" - including the October 2018 theft of $6.1 million from BankIslami Pakistan Limited (BankIslami).
- Ransomware and Cyber-Enabled Extortion: Creation of the destructive WannaCry 2.0 ransomware in May 2017, and the extortion and attempted extortion of victim companies from 2017 through 2020 involving the theft of sensitive data and deployment of other ransomware.
- Creation and Deployment of Malicious Cryptocurrency Applications: Development of multiple malicious cryptocurrency applications from March 2018 through at least September 2020 - including Celas Trade Pro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale - which would provide the North Korean hackers a backdoor into the victims' computers.
- Targeting of Cryptocurrency Companies and Theft of Cryptocurrency: Targeting of hundreds of cryptocurrency companies and the theft of tens of millions of dollars' worth of cryptocurrency, including $75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an Indonesian cryptocurrency company in September 2018; and $11.8 million from a financial services company in New York in August 2020 in which the hackers used the malicious CryptoNeuro Trader application as a backdoor.
- Spear-Phishing Campaigns: Multiple spear-phishing campaigns from March 2016 through February 2020 that targeted employees of United States cleared defense contractors, energy companies, aerospace companies, technology companies, the U.S. Department of State, and the U.S. Department of Defense.
- Marine Chain Token and Initial Coin Offering: Development and marketing in 2017 and 2018 of the Marine Chain Token to enable investors to purchase fractional ownership interests in marine shipping vessels, supported by a blockchain, which would allow the DPRK to secretly obtain funds from investors, control interests in marine shipping vessels, and evade U.S. sanctions.Money Launderer Charged in California and GeorgiaFederal prosecutors today also unsealed a charge against Ghaleb Alaumary, 37, of Mississauga, Ontario, Canada, for his role as a money launderer for the North Korean conspiracy, among other criminal schemes. Alaumary agreed to plead guilty to the charge, which was filed in the U.S. District Court in Los Angeles on Nov. 17, 2020. Alaumary was a prolific money launderer for hackers engaged in ATM cash-out schemes, cyber-enabled bank heists, business email compromise (BEC) schemes, and other online fraud schemes. Alaumary is also being prosecuted for his involvement in a separate BEC scheme by the U.S. Attorney's Office for the Southern District of Georgia.With respect to the North Korean co-conspirators' activities, Alaumary organized teams of co-conspirators in the United States and Canada to launder millions of dollars obtained through ATM cash-out operations, including from BankIslami and a bank in India in 2018. Alaumary also conspired with Ramon Olorunwa Abbas, aka "Ray Hushpuppi," and others to launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019. Last summer, the U.S. Attorney's Office in Los Angeles charged Abbas in a separate case alleging that he conspired to launder hundreds of millions of dollars from BEC frauds and other scams.Accompanying Mitigation EffortsThroughout the investigation, the FBI and the Justice Department provided specific information to victims about how they had been targeted or compromised, as well as information about the tactics, techniques, and procedures (TTPs) used by the hackers with the goals of remediating any intrusion and preventing future intrusions. That direct sharing of information took place in the United States and in foreign countries, often with the assistance of foreign law enforcement partners. The FBI also collaborated with certain private cybersecurity companies by sharing and analyzing information about the intrusion TTPs used by the members of the conspiracy.In addition to the criminal charges, the FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, in collaboration with the U.S. Department of Treasury, today released a joint cybersecurity advisory and malware analysis reports (MARs) regarding North Korean cryptocurrency malware. The joint cybersecurity analysis and MARs highlight the cyber threat North Korea - which is referred to by the U.S. government as HIDDEN COBRA - poses to cryptocurrency and identify malware and indicators of compromise related to the "AppleJeus" family of malware (the name given by the cybersecurity community to a family of North Korean malicious cryptocurrency applications that includes Celas Trade Pro, WorldBit-Bot, Union Crypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale). The joint cybersecurity advisory and MARs collectively provide the cybersecurity community and public with information about identifying North Korean malicious cryptocurrency applications, avoiding intrusions, and remedying infections.The U.S. Attorney's Office and FBI also obtained seizure warrants authorizing the FBI to seize cryptocurrency stolen by the North Korean hackers from a victim in the indictment - a financial services company in New York - held at two cryptocurrency exchanges. The seizures include sums of multiple cryptocurrencies totaling approximately $1.9 million, which will ultimately be returned to the victim.
[T]he defendants sought to finance their fraudulent company by raising funds in an unregistered securities offering and luring in investors with false claims about their professional experiences and the role of their management team. Coinseed scammed investors into purchasing their CSD token by violating New York laws requiring complete and truthful disclosures, as would be required by those offering any other traditional securities offering.Attorney General James further alleges, in the complaint, that the defendants, while advertising low fees for the mobile application trading platform, were adding an undisclosed markup to the quoted price to extract additional fees from investors. Additionally, Attorney General James charges Coinseed and the additional defendants with conducting an unregistered securities offering in the form of an initial coin offering (ICO) for CSD, as well as never registering to trade any cryptocurrency within or from New York state.
[F]rom at least December 2017 to May 2018, Coinseed and Davaasambuu sold digital asset securities called "CSD tokens" to hundreds of investors, including investors based in the US. The complaint alleges that Coinseed and Davaasambuu did not file a registration statement for the offering, and that the offering failed to satisfy any exemption from registration. The complaint further alleges that by failing to file a registration statement, Coinseed denied prospective investors the information required for such an offering to the public. As alleged, through the offering Coinseed raised at least $141,410.