‘He used his real name online’: Bitcoin security expert on $4bn laundering scheme suspect

‘He used his real name online’: Bitcoin security expert on $4bn laundering scheme suspect
A Russian man arrested in Greece on suspicion of laundering $4 billion via bitcoin exchanges did not bother to cover his tracks, selling previously stolen cryptocurrency under his real name, WizSec’s Kim Nilsson, who helped trace the suspect, told RT.

Aleksandr Vinnik, 38, was arrested on Thursday in the Greek resort area of Halkidiki and is facing extradition to the US, where he is wanted on charges of money laundering and running “one of the most important websites of electronic crime in the world,” authorities said upon his arrest.

Vinnik is said to have funneled at least $4 billion in bitcoins through various trading platforms such as Mt. Gox and BTC-e, which he is believed to be linked to, for the purpose of money laundering.

Nilsson, a co-founder of bitcoin security firm WizSec, was not part of the official probe launched by US authorities into the multi-million bitcoin theft, but has been actively assisting investigators, having submitted troves of data as part of his voluntary contribution.

Speaking to RT, Nilsson offered some insight on how the bitcoin laundering suspect was traced.
While Vinnik’s first suspected illicit operations with cryptocurrency may date back to 2011, years passed before it was possible to gather compelling evidence to press charges. This is despite the suspect making more than a few blunders along the way that eventually led to his capture.

READ MORE: ‘Sophisticated’ Ethereum hack steals $8mn worth of cryptocurrency

According to Nilsson, one of Vinnik’s fatal mistakes was the way he disposed of stolen bitcoins.

“The weakness was that after he received his bitcoins and laundered them, he had to move them out to exchanges for selling them, not only to BTC-e but to other exchanges, like Mt. Gox itself, and that left much more in terms of records that could leave a trail back to him,” Nilsson told RT.

The scheme was based on a “single theft” of Mt. Gox private keys in 2011, Nilsson pointed out. The thieves supposedly sent the bitcoins to Vinnik for laundering.

Nilsson, who himself joined the investigation in 2014, noted that Vinnik “was not as cautious as he should have been” while selling his stock of bitcoins, thus allowing security experts to eventually group his addresses together and detect his assets.

“When you use bitcoin, you can scatter your coins between different addresses but unless you’re careful, once you start spending them, they become connected again, because you see all the money flowing back to the same place,” Nillson said.

Moreover, it emerged that Vinnik was actually using his own name while involved in the transactions, a fact that Nillson initially found hard to believe.

"He actually used his real name online in connection with his nickname...I initially saw his name quite a while back, but I had assumed that it was actually an alias since I did not consider the possibility that he would use his real name,” the cyber trade expert admitted.

Despite a seemingly flawed approach to covering his tracks, it took more than a year for WizSec to be able to trace Vinnik.

READ MORE: Hackers nab $32mn in ethereum cryptocurrency

“It was not until around 2015, early 2016 that...I have been aware of the evidence that implicates him in the scheme,” Nillson said, adding that he kept his mouth shut for over a year.

“It felt important not go public too soon and it was better to keep investigating to become more sure and also to avoid tipping anyone off about an ongoing investigation.”

As far as Vinnik’s role in the scam is concerned, Nillson said it remains to be seen whether he was a mastermind or simply a member of a ring tasked exclusively with money laundering.

“Most of the evidence is strong to identify him as a money launderer. If you are a money launderer, receiving these large amounts of money from thieves, you have to have some sort of established relationship with them.”

The nature of these connections should become the subject of further investigation, Nillson believes.