Tether Wallet Phishing App and Subsequent Laundering of Funds onto Binance and Bittrex?

Binance money laundering app with thether
Istvan Cocron of CLLB

Istvan Cocron
 CEO and Founder of CLLB
 Cyber Fraud and Financial Crime Law – a report on behalf of a client.
CLLB represents harmed victims whose funds were stolen by crypto exchanges via the “Simplyfywallets.com” app and other phishing apps.


The Resulting Situation

On Friday the 23rd of November, 2018, a CLLB client downloaded the iPhone Tether wallet app from “Simplify” which was published using the false corporate name of “Global Blockchain Mining Corp”. It turned out that the app was used as an illicit means for theft and money laundering scheme via Binance and Bittrex accounts. A total of $22,436 USDT was stolen from said client’s wallet. The laundering techniques were not particularly complicated and the funds were fairly easy to trace. In the case of Binance there was only one intermediate wallet between our client’s wallet and the illicit Binance exchange wallet which received $7,436 USDT. For Bittrex, a slightly more complicated scheme was implemented but ultimately only 3 intermediate wallets were used to move stolen funds in the amount of $15k USDT onto the thieves wallets. Bittrex is on US soil with ostensibly strict anti-money laundering laws. None the less, the entire fraud and subsequent theft is quite bold and marks a new era of scams in the cryptosphere.

Warning: Researches of CLLB showed that the fictitious company Global Blockchain Mining Corp has also released iPhone wallets for Iota and Neo and claims to be in the process of releasing other wallets too. CLLB believes these are all scam wallet apps.

Toxic Tether Wallet published by fake company
Toxic Tether Wallet published by a fake company

Our client downloaded the toxic wallet from iTunes App store on November 23rd, 2018. Private keys were given to him for the wallet (and note he lives alone and did not share this with anyone until now). The wallet has been verified as drained of all funds. The client sent a complaint email to support@simplifywallets.com before the wallet was hacked that he was unable to send money using the wallet(there was no response initially). One hour later at 12:22 pm on November 25th the total amount of more than USD 22,000.00 was stolen from the wallet. Our client, the victim, took a screenshot of the phone – it showed an unauthorized transaction to an unknown wallet. Note that all the received funds were from gate.io and his attempts to send money back were only to gate.io as he was going to sell some USDT there. The client has no accounts with Bittrex or Binance. The client then immediately contacted the police and subsequently CLLB.

The Incident

Our client downloaded the toxic wallet from iTunes App store on November 23rd, 2018. Private keys were provided to him for the wallet (and note he lives alone and did not share this with anyone until now). The wallet has been verified as drained of all funds. On November 25, 2018, the client sent a complaint email to support@simplifywallets.com because he was unable to send funds using the wallet (there was no response initially).

One hour later at 12:22 pm on November 25th the wallet was hacked and the total amount of more than USD 22,000.00 was stolen. Our client, the victim, took a screenshot of the phone – it showed an unauthorized transaction to an unknown wallet. Note that all the received funds on the wallet came from gate.io. The client has no accounts with Bittrex or Binance. Immediately after the theft, our client contacted the police and subsequently CLLB.

Follow up complaints were sent to the email address above. Surprisingly the client received a response but claiming only they could have sent the money. This is almost certainly false given the previous attempts to send USDT from the app and email above claiming the send function wasn’t working as well as the other cases of fraud committed by this app (see press article below).

Evidence That iPhone App is Fraud

The following article on Market Watch was released by Global Blockchain Mining Corp (Subsidiary ofGlobal Blockchain IO) disclaiming ownership of the app and that they hadreceived multiple fraud complaints regarding it (Corporate Identity Theft):

Global Blockchain Mining Corp.: Cautionary Warning Regarding Suspected Phishing by Tether Wallet Application

“We are appalled to discover that our Company’s name and goodwill has been misused for fraudulent purposes, and we are actively investigating this, with the immediate priority being the removal of this application from the App Store, to ensure no additional persons are defrauded,” said Shidan Gouran, President and CEO of FORK

Money Laundering Evidence

Money laundering tends to follow certain patterns. For instance, money is often transferred between intermediate accounts in distinct increments over a short period of time to a final destination account instead of simple direct large sum transfers. As an example, $5k transfers were made between intermediate wallets and Bittrex exchange multiple times – 3 times between one wallet and another and then 3 times again from that wallet to the exchange. This implies coordination between the wallets and a desire to quickly move money but not in too high amounts or simply for obfuscation.

Figure 1 below shows the flow of laundered funds which CLLB has verified using transactions from the Omni Network. The movement of funds is illogical from an ownership perspective while the symmetry of movement between accounts strongly suggests coordination of the wallet/account owners. This all took place in under a day from 12:22 PM on November 25th to 6:58 AM on November 26th2018 looking at the time stamp of transactions. One tranche made its way to Bittrex and another to Binance.

thether-theft
Figure 1 – Laundered Wallet Movement from Initial iPhone Hack to Exchanges. Lines Indicate Flow of Money from Left to Right. All transactions have been verified by CLLB.

Follow Up by CLLB

In the case of Bittrex, under US law stolen and/or laundered money is subject to seizure and return to the rightful owner regardless of the receiving account. Banks that carry laundered money can have their funds seized and forcibly returned regardless if those stolen funds still exist in the bank as the bank took the laundered money and obfuscated it with other funds. This is the risk cost of doing business with customers who were not properly vetted (“Know Your Customer”). Because Bittrex supports crypto-to-USD conversion it is effectively a bank. Because USDT (which is equivalent 1-to-1 with USD) was laundered there it means it is treated as good as cash. Therefore, the money should be returned.

In the case of Apple, a legal case has been initiated. Contacting support to ask them to remove the application has been unsuccessful and it still remains on their suggested list of Tether wallets sitting at #2. The truth is that Apple may no longer be a trusted source for mobile apps particularly regarding crypto wallets. This is somewhat of a new precedence as Apple has maintained in the past that it would always vet iPhone apps to insure no customer is harmed. In this case, it seems that Apple did not do any vetting whatsoever. They did not even verify the identity of the application developers and allowed them to use a stolen corporate identity to release the app. Admittedly a hardware wallet should have been used however there are many trusted app wallets that are used every day on iPhones such as Breadwallet (Bitcoin) and Cake Wallet (Monero). It is said regarding iPhone apps that their vetting process is meant to be thorough – so what happened in this case? Who dropped the ball? The iPhone app submissions page is here and asks for information such as US Tax codes and BankInformation.

Binance and Bittrex have remained tight-lipped. They have attempted to close support and compliance tickets in spite of the flow of stolen USDT onto their exchange. Binance responded to the client that the funds would be untraceable and would not be worth pursuing in spite of the fact that only one intermediate staging wallet was used in their case before selling onto the exchange. Interestingly, we have had some correspondence with the Chief Compliance Officer at Bittrex. He stated in an email exchange that he saw no clear relationship between the theft wallet and the customer that ultimately received the funds on Bittrex. This is quite a surprising response given the data shared above and Bittrex’s stated goal of being free of laundered money:

Other exchanges, including U.S.-based Bittrex, say they follow federal guidelines. Among other things, Bittrex says it examines where funds originated and how many intermediary wallets they passed through before arriving.

Still, the Journal found that $6.3 million in funds from apparent criminal activity flowed into Bittrex. Some of that was confiscated by law enforcement, for example in the case of a man who recently pleaded guilty to selling drugs and laundering money.”

www.wsj.com: How Dirty Money Disappears Into the Black Hole of Cryptocurrency (link)

This case marks a new precedence in crypto crime and money laundering that should warrant more scrutiny from regulatory and police authorities. The scammers and criminals are getting more aggressive with each passing year and there may be collusion that is not yet fully understood. Consumer protection is non-existent in spite of the traceability of the stolen funds.  Naturally, there is a lesson here regarding the susceptibility of software wallets to phishing however we will continue to pursue the matter along with police and regulatory agencies until a full refund is given due to the bold nature of the crime and liability on the part of Apple, Binance, and Bittrex.

Get in Contact

In case you would like to get in contact with the author and lawyer Istvan Cocron:

  • LinkedIn: Istvan Cocro: link
  • CLLB website: link