Bitcoin Suspect Could Shed Light on Russians Targeted by U.S.

Register now

A cryptocurrency expert languishing in a Greek jail may have a vantage point on a tantalizing issue — how Russians in U.S. Special Counsel Robert Mueller’s crosshairs used Bitcoin to obscure their money trail.

The expert, Russian citizen Alexander Vinnik, was detained last year after U.S. prosecutors in San Francisco accused him of supervising a digital-currency exchange that helped criminals launder billions of dollars. That exchange, according to cryptocurrency analysis firm Elliptic, handled some Bitcoins traced to Fancy Bear, a hacking unit. Fancy Bear is one of the names for the Russian military intelligence officers who Mueller separately accuses of stealing and releasing Democrats’ emails to sway votes in the 2016 elections.

Three countries are fighting to extradite Vinnik: Russia, France and the U.S. The link outlined by Elliptic could explain why — and why Russia has threatened retaliation against Greece if it hands him over to one of the others.

The next turn in the Greek matter comes Tuesday. The country’s Supreme Court is set to rule on extradition requests from France and Russia, which both allege that Vinnik committed cybercrimes against their citizens.

Hacker Insights
Vinnik is one of multiple Russian hackers indicted by the U.S., some of whom could provide insights into Russian cybercrime beyond their individual cases.

Yevgeniy Nikulin, who was extradited from the Czech Republic and is charged in San Francisco with hacking LinkedIn and Dropbox in 2012, is of interest in the U.S. probe of election meddling, a Justice Department official said last week. Peter Levashov, a Russian programmer who has claimed he worked for Vladimir Putin’s ruling party, is charged in Connecticut with cybercrimes linked to spamming.

Vinnik denies the U.S. money-laundering accusations, according to his lawyer, Ilias Spyrliadis. He had no control over the $9 billion worth of Bitcoin that U.S. prosecutors in San Francisco say ran through BTC-e, the cryptocurrency exchange, the lawyer said.

Vinnik won’t comment on the Russian fraud accusations, Spyrliadis said, and he denies the French charges including money laundering. Still, as an alternative to extradition, Vinnik has offered to work with Greek and possibly other authorities from his current location, the lawyer said.

In the San Francisco case, the U.S. says that Vinnik and BTC-e catered to cybercriminals and allowed them to launder criminal proceeds from Bitcoin and other digital currencies and turn them into cash. The exchange didn’t vet customers, letting them move money in and out anonymously. To set up an account, according to the indictment, all a person needed was a username, password and email address, which often bore no relationship to the identity of the user.

That sort of service matches a description by Mueller of how the Russian military intelligence officers layered transactions through cryptocurrency exchanges to maintain anonymity when they bought time on servers they used to launch attacks.

Bitcoin Transfer
Elliptic used details provided in the indictment, such as a transfer of exactly 0.026043 Bitcoin on Feb. 1, 2016, to search the electronic register of all Bitcoin transactions -- known as the blockchain -- to find specific payments. It then used software it has developed to identify the origin of the funds for those transactions.

“There was a strong link between much of the funds allegedly used by the Fancy Bear group and BTC-e," said Tom Robinson, Elliptic’s chief data officer. “What I can’t say for certain is whether Fancy Bear obtained them directly from BTC-e, or whether there was an intermediary."

Vinnik couldn’t have known who, really, was using the platform, Spyrliadis said. While Vinnik was an expert working for BTC-e he was “in no way running it,” the lawyer said.

"Mr. Vinnik could sometimes see a passport and ID when performing the transactions, but was in no place to know whether this person was using a fake ID, whether he or she was wanted by Interpol or involved in anything," he said.

The U.S. has been trying to get its hands on Vinnik for more than a year. Greece’s Supreme Court ruled in December that he could be extradited to the U.S. to face the charges in San Francisco. But the process has been stalled by the requests from Russian and France. Greece’s Supreme Court may well approve both the French and Russian requests, Spyrliadis said.

That would punt the decision to Greece’s new justice minister. Before coming to any resolution on extradition, the Greek justice ministry will also need to examine a political asylum request by Vinnik. A justice ministry spokeswoman said the minister couldn’t comment on the case as he has just assumed his post.

Open the Door
A cooperating Vinnik would open the door to the U.S. gaining strategic information on Russian hackers, said Arkady Bukh, the lead attorney defending Nikulin. Getting access to emails, names and bank accounts related to Russian hacking is what Vinnik’s case in the U.S. is really about, said Bukh, who isn’t representing Vinnik.

Cryptocurrency exchanges are “extremely important and of great interest to the U.S.," said Bukh, who added that he had been in touch with Vinnik’s friends about getting him legal representation outside of Greece.

But first, the U.S. would have to get its hands on Vinnik, something Russia appears dead set against.

A Greek regional court approved the French extradition request in July. Russia immediately lashed out at the country: “It is obvious the Russia cannot leave these actions unanswered,” its Foreign Ministry warned in the statement.

Later that same day, July 13, Mueller rolled out his indictment against the Russian military intelligence officers.

Bloomberg News