Crypto-less Crypto Investment Scams: A California Case
The headline last month was that Shengsheng He, a 39-year-old Chinese native living in La Puente, California (described as being a resident of Los Angeles and Mexico City), had been sentenced to 51 months in prison and ordered to pay restitution in the amount of $26,867,242. The press release quotes Matthew Galeotti from the Attorney General's office:
"The defendant was part of a group of co-conspirators that preyed on American investors by promising them high returns on supposed digital asset investments when, in fact, they stole nearly $37 million from U.S. victims using Cambodian scam centers. Foreign scam centers, purporting to offer investments in digital assets have, unfortunately, proliferated."
Crypto Investment Scams certainly have "proliferated." According to the FBI's IC3.gov, they are currently the number one source of cybercrime financial losses in America, for the third year in a row. When we refer to these "Pig Butchering" scams as Crypto Investment Scams, it is easy to forget that many "crypto" scams still rely on the tried-and-true method of wire transfers to shell companies. When we first started exploring Romance Scams and their link to Business Email Compromise, the mostly Nigerian scammers referred to these as "Wire-wire jobs." A wire goes from the victim to a shell company, and a second wire goes from the shell company to the ultimate beneficiary of the crime. While West African Organized Crime continues unabated, Chinese Organized Crime has taken the top spot and is learning that many of the methods of their West African predecessors are still quite useful.
(figures from the ic3.gov 2024 report)
In the Shengsheng He case, each of the victims believed that they were wiring money to fund their crypto investments. Although the victims believed they had purchased cryptocurrency with these funds, the purchases cannot be traced on the blockchain because they do not exist on the blockchain! The first wire transfer went to any of the dozens of shell companies that had been set up across America under the direction of Lu Zhang, an illegal immigrant from China. (Zhang pled guilty to "conspiracy to commit money laundering" on 12NOV2024.) The second wire in the "wire-wire" job would then send those funds to one of two bank accounts at Deltec Bank in the Bahamas in the name "Axis Digital Limited." Deltec Bank's website is titled "Deltec Bank: Ultra-Sophisticated Private Banking" and boasts of their "robust anti-money laundering framework."
Axis Digital Limited served as an off-shore crypto exchange that seems to have been created for the purpose of taking "wire-wire" proceeds from Crypto Investment Scams and converting the funds to USDT before transferring them on to the Chinese Organized Crime gangs operating the scam centers in Sihanoukville, Cambodia. The case is being prosecuted in the Central District of California in four parts.
Zhang, Wong, Walker, Zhu - Sea Dragon Trading & the Shell Companies
One of the cases focuses primarily on the network of US-based shell companies created to receive the wire transfers from the victims. The victims believed they were funding their crypto investments, and would see "deposits" into their imaginary crypto investment accounts that corresponded to the amount of their wire transfers. Court records show that "at least 284 transactions resulted in more than $80 Million in victim losses." The defendants in this case, with their ages as of December 14, 2023, were named in an initial press release entitled: "Four Individuals Charged with Laundering Millions from Cryptocurrency Investment Scams Known as 'Pig Butchering'"
- Lu Zhang - (36, of Alhambra) was sentenced to 24 months + $7,560,014 restitution
- Joseph Wong - (32, of Rosemead) was sentenced to 51 months + $7,560,014 restitution
- Justin Walker - (31, of Cypress) was sentenced to 30 months
- Hailong Zhu - (40, of Naperville, Illinois) has not been sentenced yet
- Daren Li, 41
- Yicheng Zhang (39, of China) (sentenced to 18 months and $1,047,226 in restitution)
Zhang's communications revealed "extensive coordination to facilitate the international money laundering, including chats discussing the commission structure for the network, various shell companies used, victim information, and at least one video from a co-conspirator calling a U.S. financial institution."
Daren Li is described as being "the leader of the syndicate." Daren used his Telegram ID (@KG71777) to communicate with the Cambodia-based members of the conspiracy. (Daren's email was: [email protected]). In court documents, the primary USDT address of the conspiracy is referred to as "the TRteo" address (for the first five characters of the address). While TRteo is not an uncommon prefix, there are certainly very few such addresses that have received in excess of $39 Million in deposits, much less the higher number mentioned in the press release of $341 Million! In fact, there is only one.
Chinese blockchain intelligence company "BlockSec" blogged about that wallet on their QQ page. Using their tool, MetaSleuth, they were able to successfully identify the full wallet address, TRteottJGH5caJyy9qFuM8EJJGGCpDaxx6. The wallet became inactive on 29APR2024, but from its initial transaction on 16APR2021, more than $300 Million USD in more than 16,000 deposits flowed through that address, including transactions to and from HuionePay.
(BlockSec QQ post)
Because Daren Li is described as being in control of this USDT wallet, it is generally considered that he was the leader of this entire enterprise. In July 2022, a meeting of the top leadership was held in Phnom Penh. Daren Li, JingLiang Su, Shengsheng He, and Jose Somarriba were all present. Daren Li also controlled a Binance account that received at least $4.5 Million in USDT that originated from "Bahamas Account #2." He was also the source of funds to create that "Bahamas Account #2" at Deltec Bank by transferring $999,383 in USDT.
Jose Somarriba, Axis Digital, and Itemized Victim Losses
Jose Somarriba (55, of Los Angeles) (sentenced to 36 months and $26,867,242.44 in restitution) is being held responsible for the losses from 174 victims. Those victims are listed by their initials and the dollar amounts that each had stolen from them. The average victim lost $154,409.44! (The median loss was $61,250.) The largest amounts stolen from individual victims were $5,616,000; $2,340,000; and $1,030,279! Nine victims experienced a theft of $500,000 or more.
(extract from loss amounts for 174 victims)
Somarriba was a co-founder of Axis Digital, along with Shengsheng He and Jingliang Su. He was the one who opened the "Bahamas Account #1" at Deltec Bank which received $36.9 million in wire transfers from American bank accounts. He prepared fraudulent KYC forms to present to the banks as well as being primarily responsible for converting Deltec funds to USDT and transferring the funds to Cambodia via a USDT wallet referred to as "TRteo" in the court documents.
Jingliang Su - the Dubai Connection
The last of the linked cases is that of Jingliang Su (44, of China and Turkey). Su was sentenced to 51 months in federal prison and ordered to pay $26,867,242.44 in restitution. Preferring the name "James," Su resided in Dubai. He was a director of Axis Digital and was a signatory to "Bahamas Account #1" at Deltec Bank. He is described as being "a citizen of China and St. Kitts and Nevis" and a resident of Cambodia, the UAE, and the People's Republic of China.