A man at the centre of an extradition tug of war between the US, France and his home country, Russia, is now being sued for $100 million USD by the California Department of Justice (DOJ).
Alexander Vinnick has been imprisoned in Greece since July 2017 when he was arrested in Thessaloniki by Greek police with assistance from American agents. He is wanted in the US, France, and Russia for allegedly committing or facilitating cybercrimes and/or fraud against citizens in those countries.
Vinnik is accused of running BTC-e, a now-notorious London-headquartered Bitcoin exchange that, among other things, allegedly processed bitcoins used by Russian intelligence to fund their attacks on the 2016 US presidential elections.
Victims of the notorious Mt Gox exchange hack also traced some of the $500 million USD in bitcoins stolen from Mt Gox users to accounts directly controlled by Vinnik.
As well, according to consulting/auditing firm PwC:
“BTC-e is known for its involvement in laundering approximately USD 4 billion and is responsible for cashing out 95% of all ransomware payments made from 2014 to 2017…”
The current case against Vinnick comes as America’s powerful Financial Crimes Enforcement Network (FinCEN), “seeks to enforce monetary penalties FinCEN assessed against BTC-e and Vinnik for alleged violations of the Bank Secrecy Act (BSA)…”
Vinnick has claimed in court appearances that his role at BTC-e was minor. But according to the DOJ:
“Vinnik, a Russian national, occupied a senior leadership position within BTC-e, controlled multiple BTC-e administrative accounts used to process BTC-e’s transactions, and participated in the direction and supervision of BTC-e’s operations and finances.”
Penalties against BTC-e and Vinnick were assessed in California around the same time as his arrest in Greece:
“On July 26, 2017, FinCEN assessed monetary penalties against BTC-e and Vinnik for violations of the BSA. FinCEN assessed $12 million in penalties against Vinnick and $88,596,314 in penalties against BTC-e for BTC-e’s alleged willful violations of the BSA. The civil complaint seeks to enforce the monetary penalties issued by FinCEN.”
FinCEN’s jurisdiction appears to stem from the agency’s determination that BTC-e, though, “…registered in Cyprus and/or the Seychelles…operated in…other jurisdictions, including the Northern District of California, and allowed its users to buy and sell bitcoin and other digital currencies anonymously through its web domain, btc-e.com.”
This latest case against Vinnick should give pause to any cryptocurrency exchange or wallet service that only recently began to scrupulously vet customers and flag suspicious transactions.
According to FinCEN:
“FinCEN’s fines (assessed in 2017) were based, in part, on BTC-e’s failure to have reasonable AML policies or procedures in place to prevent criminal activity on the digital currency exchange.”
“Under the BSA, an MSB must file a suspicious activity report (SAR) if it becomes aware of transactions that the MSB ‘knows, suspects, or has reason to suspect’ are suspicious where those transactions involve the MSB and aggregate to at least $2,000 in value.”
BTC-e’s endeavours appear to have been particularly flagrant, however:
“FinCEN’s penalties were assessed, in part, because BTC-e did not file SARs and instead received proceeds from ransomware schemes, transferred funds to and from known dark net marketplaces, and deposited funds stolen from other digital currency exchanges into BTC-e accounts that Vinnik controlled.”