Four men, two in Florida and two in Israel, have reportedly been arrested for the JPMorgan Chase hack, according to The New York Times and Bloomberg News, an incident which occurred in October of last year. The cyberattack put the bank accounts of 76 million households and 7 million small businesses at risk, seizing gigabytes worth of data.
Diego Rodriguez, the United States attorney for the Southern District of New York, disclosed that the men were officially charged with running an unlicensed Bitcoin exchange, titled Coin.Mx. Meanwhile, their criminal charges neglect to mention JPMorgan Chase whatsoever.
While it’s not yet clear how the four suspects were linked in the case, the two Israeli men, Gery Shalon and Ziv Orenstein, were arrested in their native country, while the Florida men were charged in the U.S. on Tuesday.
As reported by federal prosecutors, the pair in Florida, revealed to be Anthony Murgio and Yuri Lebedev, are formally accused of operating Coin.Mx while “knowingly [exchanging] cash for people whom they believed may be engaging in criminal activity.”
Amidst numerous other violations, Coin.Mx has been accused of amassing bitcoins used to purchase ransomware, an increasingly popular type of malware threatening to brick devices in exchange for ransom money. Additionally, the two men allegedly used a fictitious organization known as Collectible Club to gain “beneficial control” over a small credit union based in New Jersey. As the offenders used the organization to process electronic bank payments, prosecutors refer to it as a “captive bank.”
In recently exposed documents federal prosecutors wrote that Collectible Club “sought to trick the major financial institutions through which they operated into believing their unlawful BitCoin exchange business was simply a members-only association of individuals who discussed, bought, and sold collectable items, such as sports memorabilia.”
After speaking with representatives of the National Credit Union Association (NCUA), FBI Special Agent Joey DeCapu asserts in the affidavit that although “the credit union normally handled the modest banking needs of a small group of primarily low-income residents, and had little or no experience with the business of ACH processing,” it was processing over $30 million every month in ACH transactions through its Credit Union account. When the NCUA found out about this, the credit union was required to put the outrageous processing to a halt, followed by the removal of its new board members.
Murgio’s attempts at trying to cover up his criminal action were also considerably weak. Both the affidavit and criminal complaint mention that the domain name for Coin.Mx were registered under his real name, using his real email address and phone number. Likewise, a quick Google search affirms that Collectible Club, too, was linked to the name Anthony Murgio.
- Hackers’ Cyber Monday deals will be unbelievably good
- Hackers sink to new low by stealing Discord accounts in ransomware attacks
- Typos can get you hacked in latest cybersecurity threat
- PayPal’s new Rewards feature adds Honey shopping discounts
- Microsoft Edge now warns when your typos can lead to being phished