Man stole bitcoin by phishing individuals on the dark web

Are you protecting your users and sensitive O365 data from being leaked? Learn how Specops Authentication for O365 can help.

Michael Richo, a 35-year-old from Connecticut, had the brilliant idea of stealing bitcoin from people involved in illegal deals through dark web marketplaces.

dark web phishing

Perhaps he thought that he would be safe from law enforcement if he stuck to robbing potential criminals but, as it turns out, he was wrong.

Richo’s modus operandi was as follows:

He created fake login pages for various online marketplaces, and posted links to them on a number of dark web forums. When individuals attempted to log in, they effectively handed their username and password to the man.

Richo monitored these accounts and once the victims deposited bitcoins with the real marketplace, he withdrew the bitcoins to his own bitcoin wallet before the individual could spend them.

He then sold the stolen bitcoins to others in exchange for US currency, which was deposited into bank accounts he controlled or was provided to him through Green Dot Cards, Western Union transfers, and MoneyGram transfers.

This last step of the scheme is what lead the investigators to him. When he was arrested, they found over 10,000 stolen user credentials on his computer. It is estimated that he managed to steal over $365,000 through his scheme.

Richo was charged late last year with access device fraud, computer fraud, wire fraud, identity theft and money laundering offenses, and released on bail. He pleaded guilty to one count of access device fraud and one count of money laundering on June 27. He’ll be sentenced on 28 September 2017.

As part of his plea agreement, he has agreed to forfeit various computers and electronic devices, an assortment of precious coins and metals, and the $365,000 he stole.