Assisting in Bitcoin Purchases for Ransomware May Be Illegal in the US
‘White hat’ security consultant, Vinny Troia, had his Coinbase account suspended for breaching US regulations by paying cyber-ransoms, amidst growing concerns that US anti-money laundering legislation needs to be updated for the cryptocurrency era.
Troia Was Unable to Provide U.S. Department of Justice Authorization for His Activities, Resulting in the Suspension of His
Coinbase Account
Night Lion Security employee Vinny Troia was recently contacted and questioned about the purpose of his account with Coinbase. Troia’s employment sometime required him to pay ransoms on behalf of clients who had been the victim of ransomware attacks such as Wannacry – which recently had a severe impact upon businesses and institutions across the globe.
When Troia was unable to provide U.S. Department of Justice authorization for his activities, Coinbase suspended his account. Troia attempted to open new accounts under the identities of family members, which were also quickly shut down.
The suspension was due to Troia sending of funds to a malicious illegitimate entity – which is considered to be in violations of Coinbase policies intended to ensure anti-money laundering and other anti-criminal regulations.
Lawmakers Have Failed to Take Into Account the Changing Internet Landscape Borne of Cryptocurrencies
In another example, a superseding indictment filed in December 2016 charged the owner of Coin.mx for violating federal anti-money law, with prosecutors stating that the defendant “knowingly processed and profited from numerous Bitcoin transactions conducted on behalf of victims of ransomware schemes.”
The case satisfied 18 U.S.C 1960’s prohibition against the “transmission of funds that are known to the defendant to have been derived from a criminal offense or are intended to be used to promote or support unlawful activity[.]” Although the defendant pleaded guilty to a number of the charges laid against him, the case saw the defendant charged for providing assistance to victims of ransomware in accessing bitcoins – which violated legislation from 1960.
Instances such as this illustrate that lawmakers have failed to take into account the changing internet landscape borne of cryptocurrencies, and highlights the need for legislation that is adaptive to the changing landscape of the industries that embrace cryptocurrency – including cybercrime.
Fortunately, the FBI has issued statements that recognize that “businesses… [may be] faced with an inability to function” in the event of a ransomware attack, suggesting that businesses choosing to do so will not be punished. The fate of the exchanges that facilitate the purchasing of bitcoin for such ends is far less clear, signaling the drastic need for regulators to adapt legislation to the changing practices of both legitimate and illegitimate actors within the cryptocurrency economy.
It is weird to see how the law keeps on failing to catch up to the new levels of reality as they have been provided by bitcoin and other cryptocurrencies. We will probably see more of these things before it gets any better. Have fun out there and good luck with your future posts!
Tks you