Why Banks Must Proactively Detect Money Mule Activity



Financial institutions are under increasing pressure to strengthen their response to money mule activity, a growing form of financial crime that enables fraud and money laundering. Money mules are bank account holders who move illegally obtained funds on behalf of criminals, either knowingly or unknowingly. These activities allow criminals to disguise the origin of stolen money and reintroduce it into the legitimate financial system.

Recent regulatory reviews and industry findings underscore the scale of the problem. Hundreds of thousands of bank accounts linked to mule activity have been closed in recent years, yet only a fraction are formally reported to shared fraud databases. High evidentiary thresholds mean many suspicious cases go undocumented, allowing criminal networks to continue operating across institutions without early disruption.

At the same time, banks are increasingly relying on advanced technologies to address the issue. Machine learning systems are now being used to analyze customer behavior and transaction patterns, enabling institutions to flag large volumes of suspected mule accounts. This has become especially important as real-time and instant payment methods gain widespread adoption, leaving little time to react once funds have been transferred.

Money mules are often recruited through deceptive tactics. Criminals frequently use social media platforms to promote offers of quick and easy money, targeting individuals willing to participate knowingly. Others are drawn in through scams such as fake job listings or romance fraud, where victims are manipulated into moving money without understanding its illegal origin. This wide range of intent makes detection far more complex than traditional fraud cases.

To improve identification, fraud teams categorize mule behavior into five distinct profiles.

The first group includes individuals who intentionally commit fraud. These users open accounts with the clear purpose of laundering money and often rely on stolen or fabricated identities to avoid detection. Identifying them requires strong screening during account creation and close monitoring of early account behavior.

Another group consists of people who sell access to their bank accounts. These users may not move funds themselves, but they allow criminals to take control of their accounts. Because these accounts often have a history of normal use, detection depends on spotting sudden changes such as unfamiliar devices, new users, or altered behavior patterns. External intelligence sources can also support identification.

Some mules act as willing intermediaries, knowingly transferring illegal funds for personal gain. These individuals continue everyday banking activities alongside fraudulent transactions, making them harder to detect. Indicators include unusual transaction speed, abnormal payment destinations, and increased use of peer-to-peer payment services.

There are also mules who unknowingly facilitate fraud. These individuals believe they are handling legitimate payments, such as proceeds from online sales or temporary work. Detecting such cases requires careful analysis of transaction context, payment origins, and inconsistencies with the customer’s normal activity.

The final category includes victims whose accounts are exploited through account takeover. In these cases, fraudsters gain access and use the account as a laundering channel. Sudden deviations in login behavior, device usage, or transaction patterns are critical warning signs.
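The warning signs named for these profiles can be checked against an account's own history. The sketch below is an added example, not code from the article or from any bank's system; the event fields, thresholds, profile labels and sample accounts are all assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

# Field names, thresholds and sample events are all constructed for
# illustration; a bank would tune these against its own data.
PASS_WINDOW = timedelta(hours=1)   # assumed meaning of "unusual transaction speed"
PASS_RATIO = 0.8                   # assumed share of a credit that is forwarded
YOUNG = timedelta(days=30)         # assumed "early account behavior" period
BASELINE = timedelta(days=30)      # events older than this count as normal use
P2P_JUMP = 0.5                     # assumed rise in P2P share of outgoing payments

@dataclass
class Event:
    ts: datetime
    kind: str              # "login", "credit" or "debit"
    amount: float = 0.0
    device: str = ""       # empty for incoming credits
    payee: str = ""
    channel: str = ""      # "p2p", "wire", ...

def p2p_share(events):
    debits = [e for e in events if e.kind == "debit"]
    return sum(e.channel == "p2p" for e in debits) / len(debits) if debits else 0.0

def indicators(opened, events, now):
    """Return the set of warning signs present in the last BASELINE period."""
    old = [e for e in events if e.ts < now - BASELINE]
    recent = [e for e in events if e.ts >= now - BASELINE]
    found = set()
    if now - opened < YOUNG:
        found.add("young_account")
    if old:  # deviations only make sense against a history of normal use
        devices = {e.device for e in old if e.device}
        payees = {e.payee for e in old if e.kind == "debit"}
        if any(e.device and e.device not in devices for e in recent):
            found.add("new_device")
        if any(e.kind == "debit" and e.payee not in payees for e in recent):
            found.add("new_payee")
        if p2p_share(recent) - p2p_share(old) >= P2P_JUMP:
            found.add("p2p_surge")
    # Rapid pass-through: most of an incoming credit leaves within PASS_WINDOW.
    for c in (e for e in recent if e.kind == "credit" and e.amount > 0):
        out = sum(d.amount for d in recent
                  if d.kind == "debit" and c.ts <= d.ts <= c.ts + PASS_WINDOW)
        if out >= PASS_RATIO * c.amount:
            found.add("rapid_pass_through")
    return found

def candidate_profiles(found):
    """Map indicator combinations to the profiles an analyst should consider."""
    hints = []
    if {"young_account", "rapid_pass_through"} <= found:
        hints.append("opened for laundering")
    if {"new_device", "rapid_pass_through"} <= found:
        hints.append("sold access or account takeover")  # same signals, needs review
    elif "rapid_pass_through" in found and found & {"p2p_surge", "new_payee"}:
        hints.append("willing or unknowing intermediary")
    return hints

NOW = datetime(2025, 1, 31, 12, 0)
# Constructed sample: an established account that changes device and forwards funds.
OPENED_A = datetime(2023, 1, 10)
EVENTS_A = [
    Event(datetime(2024, 11, 1, 9), "login", device="phone-A"),
    Event(datetime(2024, 11, 1, 9, 5), "debit", 900, "phone-A", "landlord", "wire"),
    Event(datetime(2025, 1, 30, 2), "login", device="phone-Z"),
    Event(datetime(2025, 1, 30, 2, 10), "credit", 5000),
    Event(datetime(2025, 1, 30, 2, 20), "debit", 2500, "phone-Z", "acct-X", "p2p"),
    Event(datetime(2025, 1, 30, 2, 40), "debit", 2400, "phone-Z", "acct-Y", "p2p"),
]
# Constructed sample: a five-day-old account that forwards its first credit.
OPENED_B = datetime(2025, 1, 26)
EVENTS_B = [
    Event(datetime(2025, 1, 29, 14), "credit", 3000),
    Event(datetime(2025, 1, 29, 14, 20), "debit", 2900, "phone-B", "acct-X", "wire"),
]
# Constructed sample: ordinary salary-and-rent activity on a known device.
OPENED_C = datetime(2022, 6, 1)
EVENTS_C = [
    Event(datetime(2024, 12, 2, 9), "debit", 1200, "phone-C", "landlord", "wire"),
    Event(datetime(2025, 1, 15, 9), "credit", 4000),
    Event(datetime(2025, 1, 16, 9), "debit", 1200, "phone-C", "landlord", "wire"),
]

if __name__ == "__main__":
    for o, ev in [(OPENED_A, EVENTS_A), (OPENED_B, EVENTS_B), (OPENED_C, EVENTS_C)]:
        print(candidate_profiles(indicators(o, ev, NOW)))
```

Sold access and account takeover produce the same signals here, so the output is a prompt for analyst review rather than a classification.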

To reduce financial crime effectively, banks must monitor accounts continuously from the moment they are opened. Attempting to trace funds after they have moved through multiple institutions is costly and rarely successful. Cross-industry information sharing also remains essential to disrupting mule networks early and preventing widespread harm. 

Canadian Police Seize $40M in Digital Assets After Closing TradeOgre

 


Canadian police have shut down the cryptocurrency trading platform TradeOgre and seized digital assets valued at more than $40 million USD, marking both the country’s largest cryptocurrency seizure and the first time a crypto exchange has been dismantled by national law enforcement.


A Platform Built on Anonymity

TradeOgre was a small but notable exchange that allowed users to trade niche digital currencies, including Monero, which is popular for its privacy features. The platform stood out for avoiding Know Your Customer (KYC) checks, meaning people could open accounts without providing identification. According to the Royal Canadian Mounted Police (RCMP), TradeOgre also failed to register as a money services business with FINTRAC, Canada’s financial watchdog. These gaps made the exchange appealing to those seeking anonymity but also raised red flags for regulators.

The case began in June 2024, when Canada’s Money Laundering Investigative Team (MLIT) opened a probe after receiving intelligence from Europol. Investigators relied on blockchain tracing tools to track wallet activity linked to the platform. In July 2024, TradeOgre suddenly went offline without any announcement from its operators, fueling rumors among users that it had carried out an “exit scam.” Authorities later confirmed that the takedown was part of their enforcement action.


Why Authorities Took Action

The RCMP said TradeOgre was operating illegally in Canada because it was unregistered and allowed anonymous trading. Investigators suspect the site was used by criminals to launder illicit funds, taking advantage of Monero and other privacy-focused coins. However, officials stressed that not all customer funds were necessarily linked to crime.

In a statement, the RCMP clarified that they could not confirm whether the seized assets came from specific crimes such as extortion. They also noted that details about the exact sources of the money could not be released at this stage.


Fallout and Reactions

The sudden seizure left many users cut off from their funds. Some, including well-known crypto community members like Taylor Monahan of MetaMask, criticized the move, arguing that innocent users had their assets frozen without warning. “Very much looking forward to seeing the evidence… and for you to provide recourse to ALL innocent parties,” Monahan wrote on social media.

The RCMP responded that individuals who believe their funds were legitimate may seek remedies through the Canadian court system if the assets are subject to forfeiture proceedings. The agency added that any inquiries about the seized cryptocurrency should be directed to the MLIT.


A Warning for Crypto Users

Authorities emphasized that this case shows the risks of using unregulated exchanges. While anonymity may appeal to some traders, platforms that avoid oversight expose customers to legal uncertainty, sudden shutdowns, and loss of access to funds.



Brokers Fuel Underground Market for Bank Accounts in India

 


An undercover investigation of India's financial ecosystem has revealed a troubling black market quietly emerging, one where bank accounts are traded as casually as consumer goods. It found a thriving network of brokers who sell unlicensed accounts for as little as ₹7,000, exposing unsuspecting citizens to grave risks.

The accounts are often created without the individual's knowledge, using their personal credentials. They are then resold to cybercriminals, who use them to perpetrate online scams, launder illicit money, and circumvent financial regulations, undermining the integrity of the country's banking system.

It is well known that the purchase, sale, or rental of bank accounts constitutes a serious criminal offence and that authorities have repeatedly warned about this fact. If an account is found to be operated by someone other than its legitimate holder, or if a transaction is associated with illegal activity, a financial institution has stated that immediate action will be taken, including suspending or terminating the account without advance notice, as well as escalating the matter to the appropriate authorities. 

According to investigators, these accounts are extremely valuable resources for criminal networks, who can rely on them in order to commit bank transfer scams, launder illicit funds, and bypass regulatory oversight. It is crucial to note that, even if individuals allow their accounts to be misused unintentionally, they will likely face legal consequences, since the law does not excuse negligence when it comes to financial crimes. 

The investigation also revealed structured rate cards for the underground market, with prices determined by the transaction limits of individual accounts. Accounts with a limit of one lakh transactions are often sold for around $18,000, whereas those with a limit of one lakh transactions can sell for as much as $60,000 at the higher end.

At the top end, accounts capable of performing transactions up to a crore can fetch a staggering amount of $6 lakhs, while accounts with a limit of five crores will fetch up to $30 lakh. Fraudsters orchestrating investment scams, call centre frauds, and cryptocurrency-related money laundering schemes are particularly keen to establish these high-limit accounts because they facilitate the transfer of large amounts of money without immediate scrutiny from the bank.

The experts at the World Economic Forum have identified the vulnerability of account opening through Business Correspondent (BC) points as one of the major enablers of this illegal trade, and in particular, the lack of appropriate physical verification often allows fraudulent accounts to slip through the cracks. According to Dr. R.S. Lohia, former executive director of a nationalised bank, criminals are exploiting the lack of rigorous Know Your Customer (KYC) enforcement as a critical weakness. 

In order to dismantle this illicit economy, it is urgent that the regulatory oversight and banking surveillance be tightened. According to the investigation, this underground market operates based on a structured rate card, which determines the price of goods and services based on the transaction limit of every individual. Depending on the amount of transactions allowed, the price will vary between $18,000 and 60,000 for an account with a $1.5 lakh limit on transaction amounts, while an account with a $25 lakh limit will bring you $60,000.

On the higher end, accounts allowing transactions of up to $1.5 crore can be sold for around $6 lakh, and one allowing transactions of up to $5.5 crore can be sold for upwards of $30,000.

As the former Executive Director of a nationalised bank, Dr. Lohia expressed the concern that there is a critical weakness that criminals exploit due to the lack of stricter Know Your Customer (KYC) enforcement. It is therefore imperative that regulatory oversight is tightened and banking surveillance is strengthened in order to dismantle this illegal economy. According to the findings of this investigation, more problems lie beyond just an underground trade in bank accounts — these problems expose deep vulnerabilities in the country's financial security system. 

According to experts, if no immediate action is taken to correct the unchecked proliferation of these accounts, public trust in banking institutions could be undermined and cybercriminals might be encouraged to scale up their operations even further. In their opinion, the challenge is not simply to dismantle broker networks, but also to strengthen compliance mechanisms, improve accountability in account opening processes, and make sure that regulatory vigilance is as sophisticated as the emerging financial crimes.

With the rapid increase in digital transactions, the importance of safeguarding banks' channels has only increased. If decisive action is not taken, the black market for bank accounts will become a permanent parallel system, threatening both economic stability and the security of ordinary citizens who unwittingly end up entangled in criminal networks.

‘Samourai’ Cryptomixer Founders Admit to Money Laundering Charges

 


Two executives behind a cryptocurrency service called Samourai Wallet have admitted in court that they helped criminals hide more than $200 million.

Keonne Rodriguez, the company’s CEO, and William Lonergan Hill, its chief technology officer, pleaded guilty to conspiracy charges in the United States. Both men admitted they had knowingly operated an unlicensed money-transmitting business that was used to clean illegal funds.

Under the law, Rodriguez and Hill face a maximum prison sentence of five years each, along with financial penalties. They will also have to give up more than $200 million as part of their plea deal.

The U.S. Department of Justice (DOJ) had first arrested the pair in April last year. Prosecutors accused them of two main crimes: running a business without the required license and laundering money, a serious charge that can carry up to 20 years in prison.

Authorities say the two executives built Samourai in 2015 with tools designed to make it harder to track money on the blockchain, which is the public digital record of cryptocurrency transactions.

Samourai’s services worked in two main ways:

• Whirlpool: A mixing feature that bundled together Bitcoin transactions from multiple users. This made it harder to trace where the money originally came from.

• Ricochet: A tool that added extra steps called “hops” between the sending and receiving addresses. This technique was meant to confuse investigators and disguise the money trail.

Prosecutors explained that these tools were heavily used by cybercriminals. They were linked to proceeds from online thefts, drug trafficking, and fraud schemes. According to the DOJ, the scale of activity was massive: between 2017 and 2019, over 80,000 Bitcoin flowed through Samourai’s services. At the time of those transactions, the total value was estimated at more than $2 billion.

While the company portrayed itself as offering privacy, federal investigators say it profited directly from crime. Samourai’s mixing services alone generated more than $6 million in fees for Rodriguez and Hill.

Speaking about the case, U.S. Attorney Nicolas Roos emphasized that when cryptocurrency platforms are abused for crime, it damages public trust and puts pressure on legitimate companies trying to operate within the law.

The case underlines how regulators are cracking down on cryptocurrency “mixers,” services that blend together digital transactions to hide their origins. While privacy is one of cryptocurrency’s appeals, officials warn that these tools often provide cover for large-scale money laundering.

FBI Operated ElonmuskWHM: Undercover Money Laundering Site That Handled $90M in Crypto

 

In a bold and controversial move, the FBI operated a money laundering platform on the dark web under the alias “ElonmuskWHM,” aiming to infiltrate the criminal ecosystem it served. According to an investigation by 404 Media, the FBI’s undercover cybercrime operation lasted nearly 11 months and facilitated close to $90 million in cryptocurrency transactions. 

The ElonmuskWHM site allowed cybercriminals—including drug traffickers and hackers—to convert illicit cryptocurrency into cash, often mailed discreetly to customers across the country. In exchange, the operator took a 20% fee. The service, regularly advertised on forums like White House Market (WHM), offered anonymity and required no form of identity verification—making it a go-to laundering tool for bad actors avoiding mainstream exchanges like Coinbase or Binance. 

A 404 Media review of court documents and online evidence confirmed the FBI’s direct role in running the site following the arrest of its original operator, Anurag Pramod Murarka, a 30-year-old Indian national. Murarka was eventually sentenced to over 10 years in prison. During its covert management, the FBI used the ElonmuskWHM site to investigate major crimes including drug trafficking, hacking schemes, and even a violent robbery in San Francisco. 

This FBI crypto sting is part of a broader pattern of law enforcement embedding within the digital underworld. Similar tactics were used in previous operations like Trojan Shield, where the agency ran a fake encrypted phone company named ANOM, secretly monitoring global criminal communications. Another example includes the infiltration of the ransomware group “Hive,” enabling the FBI to intercept communications and disrupt attacks. While effective, the ElonmuskWHM sting also sparked privacy concerns. Court documents reveal that the FBI requested data from Google identifying every user who watched a specific YouTube video, raising red flags about surveillance overreach and potential constitutional violations. 

Still, authorities defend such undercover cybercrime strategies as essential to understanding and dismantling complex digital criminal networks. Gabrielle Dudgeon, spokesperson for the U.S. Attorney’s Office, noted that the operation directly supported multiple federal prosecutions and investigations. As cybercrime becomes increasingly sophisticated, law enforcement agencies are evolving too—blurring ethical lines in the process. The ElonmuskWHM operation underscores the high-stakes chess match between digital criminals and those tasked with stopping them.

Cryptonator Seized for Laundering Ransom Payments and Stolen Cryptocurrency

 

U.S. and German law enforcement have taken down the domain of Cryptonator, a cryptocurrency wallet platform allegedly used by ransomware groups, darknet marketplaces, and other illegal services. The platform's operator, Roman Boss, has been indicted on charges of money laundering and running an unlicensed money service business.

Cryptonator, established in 2014, allows users to store and exchange various cryptocurrencies within their personal wallets. However, according to blockchain investigation firm TRM, Cryptonator did not implement necessary anti-money laundering controls, enabling anonymous or pseudonymous users to conduct illicit activities.

The primary domain "cryptonator.com" now displays a seizure notice. The operation involved the U.S. Department of Justice, the FBI, the IRS:CI, the National Cryptocurrency Enforcement Team, the German Federal Criminal Police Office (BKA), and the Attorney General's Office in Frankfurt am Main.

Between 2014 and 2023, Cryptonator wallet addresses reportedly engaged in significant transactions, including:

- $25 million with darknet markets and fraud shops
- $34.5 million with scam addresses
- $80 million with high-risk exchanges
- $8 million with ransomware-associated addresses
- $54 million with hacked and crypto theft operations
- $34 million with illegal cryptocurrency mixers
- $17 million with sanctioned addresses

TRM links Cryptonator's transactions to entities such as Hydra Market, Blender.io, Finiko, Bitzlato, Garantex, Nobitex, and an unidentified terrorist group. The U.S. government has previously sanctioned Hydra Market, Bitzlato, Garantex, and Blender.io.

The Department of Justice's complaint alleges that Cryptonator's account creation process, requiring only an email and password, failed to comply with know-your-customer (KYC) regulations. It also accuses Boss of facilitating illicit activities, including discussions about supporting cryptocurrencies popular in darknet markets, such as Monero, and offering API key integrations for illegal platforms.

The complaint seeks penalties for money laundering, operating an unlicensed money service business, injunctions against Boss, damage relief, and asset seizures. The DOJ revealed that Cryptonator processed over $235 million in illicit funds.

Lazarus Hacking Group is Using Asian Firms to Launder Stolen Crypto

 

A Cambodian payments company received crypto worth over US$150,000 from a digital wallet employed by North Korean hacking group Lazarus, blockchain data shows, a glimpse of how the criminal outfit has laundered funds in Southeast Asia.

Huione Pay, which is based in Phnom Penh and offers currency exchange, payments and remittance services, received the crypto between June 2023 and February this year, according to the previously unreported blockchain data reviewed by Reuters.

The crypto was transferred to Huione Pay from an anonymous digital wallet that, according to blockchain experts, was used by a hacking outfit to deposit funds stolen from three crypto firms in June and July 2023. 

The United States' Federal Bureau of Investigation said in August last year that Lazarus stole US$160 million from the crypto firms: Estonia-based Atomic Wallet and CoinsPaid; and Alphapo, registered in Saint Vincent and the Grenadines. 

They were the latest in a series of heists by Lazarus that the US said was funding Pyongyang's weapons programmes. Cryptocurrency allows North Korea to circumvent international sanctions, the United Nations has said.

The crypto may have helped the regime pay for banned goods and services, according to the Royal United Services Institute, a London-based defence and security think tank.

Huione Pay's board said the company had not known it "received funds indirectly" from the hacks and cited the multiple transactions between its wallet and the source of the hack as the reason it was unaware.

The wallet that sent the funds was not under its management, Huione added.

Huione Pay — whose three directors include Hun To, a cousin of Prime Minister Hun Manet — refused to elaborate on why it had received funds from the wallet or to provide details of its compliance policies. The firm stated Hun To's directorship does not include day-to-day oversight of its operations. The National Bank of Cambodia (NBC) said payments companies such as Huione weren't allowed to deal or trade in any cryptocurrencies and digital assets.

US blockchain analysis firm TRM Labs told Reuters that Huione Pay was one of a number of payment platforms and over-the-counter brokers that received a majority of the crypto stolen in the Atomic Wallet hack. Brokers connect buyers and sellers of crypto, offering traders a greater degree of privacy than crypto exchanges. 

TRM also said the attackers conceal their tracks by converting the stolen crypto via a complex laundering operation into different cryptocurrencies, including tether (USDT) — a so-called "stablecoin" that retains a steady value in dollars.

Unveiling the Mule Accounts Menace in Modern Money Laundering

 


In a recent statement, a member of the RBI's board of governors has urged banks to step up efforts against mule accounts. According to Piyush Shukla, money mules in India do much more than move money. A mule account is a bank account that receives funds from illegal activities and then transfers those funds to other accounts, thus serving as a bridge for money laundering and other illegal practices.

It is not uncommon in India for people to open mule accounts by offering their own bank accounts in exchange for payment. The account holder's onboarding process is not automated in this way, which makes it more difficult to detect such accounts. Even so, the right controls and monitoring of the user's behaviour throughout the lifecycle of the account can be employed to put a stop to these accounts and give the user the greatest protection.

Last November, six people were reported arrested in Bengaluru over the alleged operation of 126 mule accounts. Earlier this week, the Reserve Bank of India (RBI) raised concern that certain banks have a huge number of fraudster accounts used for fraudulent transactions and loan evergreening by their customers. In a move to curb digital fraud, Shaktikanta Das, the governor of the Reserve Bank of India, has directed banks to crack down on the use of mule accounts as well as increase customer awareness and education initiatives.

Money mules can generally be categorized into five kinds based on their level of complicity in a money laundering scheme and the way they are employed. A victim mule is a person who is unaware that their account has been compromised and is being abused by a fraudster who wants to launder money through it. A data breach most likely resulted in the victim's account details being leaked.

Money mules can also be misled parties, who are deceived into sending and receiving money on behalf of fraudsters, believing that the money is clean. These mules often respond to job advertisements that involve executing transactions on behalf of the employer. One of the most common types of money mule is the deceiver, who opens new accounts using stolen or synthetic identities to send and receive stolen funds.

Another type is the "peddler", a person who sells their information to fraudsters, who then use that information to send and receive stolen funds. Mules can also be accomplices, who open a new account in their own name or use an existing one to send and receive funds at the direction of a fraudster. A study conducted by BioCatch, a digital fraud detection company, revealed that nine out of ten accounts went undetected as mule accounts by one of its Indian partners.

During the first month of documented mule account activity, 86% of sessions originated from within India; after a month that figure dropped to just 20%, and 16% of those sessions used a VPN to access the accounts. Bhubaneswar accounts for the largest share of mule account activity at 15%, while Lucknow and Navi Mumbai are each responsible for 3.4%. Two cities in West Bengal, Bhagabatipur and Gobindapur, recorded 1.7% and 2.6% of mule account activity, respectively. In comparison, Mumbai and Bengaluru reported 2.2% and 1.8% of such activity, respectively.

To help customers prevent their bank accounts from becoming mule accounts, the following practices are recommended: 
1. Treat all unexpected communications, especially those offering lucrative, effortless jobs, with scepticism. 
2. Unrealistically high payments for straightforward tasks should raise alarms. 
3. Be wary of job offers with ambiguous descriptions and responsibilities, particularly if money transfers are involved. 
4. Scammers often pressure customers into making swift decisions, such as hurriedly confirming their identity or claiming a reward. Customers must pause and assess their demands carefully. 
5. Be extremely cautious while using unconventional payment methods, such as gift cards or virtual currencies. 

 In October 2023, the Reserve Bank of India (RBI) tightened the customer due diligence (CDD) norms by instructing banks and regulated entities to adopt a risk-based approach for periodic updating of know-your-customer (KYC) data. According to the latest Master Directions, the risk-based approach for periodic updating of KYC has been amended to state: “Registered Entities (REs) shall adopt a risk-based approach for periodic updating of KYC, ensuring that the information or data collected under CDD is kept up-to-date and relevant, particularly where it is high-risk.” 

Furthermore, the Master Directions emphasize that instructions on opening accounts and monitoring transactions should be strictly adhered to, to minimize the operations of money mules. These mules are used to launder the proceeds of fraud schemes, such as phishing and identity theft, by criminals who gain illegal access to deposit accounts. 

Banks are required to undertake diligence measures and meticulous monitoring to identify accounts operated as money mules, take appropriate action, and report suspicious transactions to the Financial Intelligence Unit.