Is Binance safe-house for hackers, fraudsters and drug traffickers?

Is Binance safe-house for hackers, fraudsters and drug traffickers?

For five years, the world’s largest cryptocurrency exchange Binance served as a conduit for the laundering of at least $2.35 billion in illicit funds, a Reuters investigation has found.

Advertisement
Reuters
  • Jun 7, 2022,
  • Updated Jun 7, 2022 9:20 AM IST

In September 2020, a North Korean hacking group known as Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million. It was one of a string of cyber heists by Lazarus that Washington said were aimed at funding North Korea’s nuclear weapons programme.

Advertisement

Several hours later, the hackers opened at least two dozen anonymous accounts on Binance, the world’s largest cryptocurrency exchange, enabling them to convert the stolen funds and obscure the money trail, correspondence between Slovakia’s national police and Binance reveals.

In as little as nine minutes, using only encrypted email addresses as identification, the Lazarus hackers created Binance accounts and traded crypto stolen from Eterbase, the Slovakian exchange, according to account records that Binance shared with the police and that are reported here for the first time.

“Binance had no idea who was moving money through their exchange” because of the anonymous nature of the accounts, said Eterbase co-founder Robert Auxt, whose firm has been unable to locate or recover the funds.

Advertisement

Eterbase’s lost money is part of a torrent of illicit funds that flowed through Binance from 2017 to 2021, a Reuters investigation has found.

As her drug use became an everyday habit, she went days without sleep, wracked by hallucinations and depression. “I felt like I was dying, and I liked that feeling,” she said. Eventually, she sought psychiatric help and received therapy. Since then, she just used Hydra to buy cannabis.

State Department reports from 2019 and 2020, without mentioning Hydra or Binance, warned that drug traffickers in Russia were using virtual currencies to launder proceeds. A State Department spokesman declined to comment on Hydra and Binance.

As reported by Reuters in its January investigation, an internal document shows that Binance was aware of the risk of illegal finance in Russia. Binance’s compliance department assigned Russia an “extreme” risk rating in 2020 in an assessment that was reviewed by Reuters. It cited money-laundering reports by the U.S. State Department. Hillmann told Reuters Binance had taken more action against Russian money launderers than any other crypto exchange, citing a ban it imposed on three Russian digital currency platforms that were sanctioned by the United States.

Advertisement

Crypto flows between Binance and Hydra dropped sharply after the exchange tightened its customer checks in August 2021, the data from Crystal Blockchain shows.

“Financial freedom”

For the past five years, Binance has allowed traders on its platform to buy and sell a coin called Monero, a cryptocurrency that offers users anonymity. While bitcoin transactions are recorded on a public blockchain, Monero obscures the digital addresses of senders and receivers. A Beginner’s Guide to Monero by Binance, available on its website, said such coins were “desirable for those seeking true financial confidentiality.”

Zhao has spoken in favour of “privacy coins,” of which Monero is the most traded. During a 2020 video call with staff, a recording of which Reuters reviewed, Zhao said privacy was part of people’s “financial freedom.” He didn’t mention Monero, but said Binance had funded other privacy coin projects.

Monero proved to be popular among Binance users. As of late May, Binance was processing Monero trades worth around $50 million a day, far more than other exchanges, according to data from the CoinMarketCap website.

Law enforcement agencies in Europe and the United States have warned that Monero’s anonymity makes it a potential tool for money launderers. The U.S. Department of Justice, in a 2020 report, said it considered the use of “anonymity enhanced cryptocurrencies” like Monero “a high-risk activity that is indicative of possible criminal conduct.”

Advertisement

On several darknet forums that Reuters reviewed, over 20 users wrote about buying Monero on Binance to purchase illegal drugs. They shared how-to guides with names like DNM Bible, a reference to darknet markets.

“XMR is essential to anyone buying drugs on the Dark web,” wrote one user on the forum Dread, referring to Monero’s ticker symbol. It isn’t possible to contact users through the forum so Reuters was unable to reach these people for comment.

Hillmann told Reuters there were “many legitimate reasons why users require privacy,” such as when opposition groups in authoritarian regimes are denied safe access to funds. Binance opposed anyone using crypto to buy or sell illegal drugs, he said.

Hackers have used Binance to convert stolen funds into Monero.

Darknet users swapped information about buying Monero on Binance to purchase illegal drugs. Photo illustration by Dado Ruvic/REUTERS

In August 2020, hackers hijacked a cryptocurrency wallet belonging to an Australian man named Steve Kowalski by tricking him into downloading malware, Kowalski said in a witness statement to Australian police. They withdrew the 1,400 bitcoin he held in the wallet, worth some $16 million at the time. Kowalski told police he had bought the bitcoin for $500,000 six years earlier and they were a significant portion of his assets.

Advertisement

Investigators hired by Kowalski traced most of his bitcoin through a series of wallets to six Binance accounts, where the coins were exchanged for Monero, according to testimony and blockchain analysis reports filed as part of an ongoing civil complaint Kowalski submitted last year against Binance in Miami-Dade County, Florida. Kowalski declined to comment.

Kowalski’s investigation showed that a U.S. software consultant called Brandon Ng, then living in Florida, controlled most of the Binance accounts. Ng testified to the court that a crypto trading partner, who he knew online only by the username MoneyTree, deposited the bitcoin in his Binance accounts. MoneyTree, Ng said, paid him a 1% commission to convert the bitcoin into Monero on Binance and then transfer it back. A lawyer for Ng, Spencer Silverglate, said MoneyTree likely traded through Ng to shield his identity from Binance. Ng testified that he was not aware he was laundering stolen bitcoin.

MoneyTree did not respond to emails sent by Reuters to an address that Ng provided to the court. Silverglate, the lawyer, said Ng did not steal or launder Kowalski’s bitcoin and was an “innocent downstream trader.”

Ng’s Monero trading had earlier raised alarms at another crypto exchange called Poloniex, based in the United States, where he also had an account. In mid-2019, his Poloniex account was frozen after it was flagged for “high risk exposure” to money laundering due to Monero withdrawals totalling over $1 million, according to a summary filed with the court. Poloniex didn’t respond to a request for comment.

Advertisement

Binance dealt with Ng differently. Kowalski’s private investigators and lawyers contacted Binance soon after the theft, before Ng converted all the funds, and repeatedly asked Binance to permanently freeze Ng’s accounts, their written communications show. The letters, filed with the court, also accuse Binance of not responding to police requests to secure the assets for the duration of their investigation.

Binance imposed a seven-day freeze on the accounts, but then lifted it, allowing Ng to exchange the stolen bitcoin for Monero over several months. In his response to Reuters, Hillmann said law enforcement failed to request a permanent freeze via Binance’s web portal within the seven-day period and then didn’t answer the exchange’s follow-up questions.

A Binance investigation team member told one of the private investigators in a message that “while it is highly likely the paths leading to this account are malicious,” Binance could not prove the accounts were “created to facilitate laundering.” When the investigator persisted, the team member scolded him for “several issues with your tone.”

In a submission last December to the court in Florida, Binance said the case should be dismissed as the court did not have jurisdiction over the company. To determine the matter, the judge has granted discovery, a process where parties request documents from each other.

Hillmann told Reuters that Binance investigates all allegations of misconduct on its platform and takes appropriate action if its investigators uncover wrongdoing.

Eterbase, the Bratislava-based exchange hacked by the North Koreans, sought Binance’s help, too.

After news of the hack by Lazarus, Zhao tweeted on Sept. 9, 2020: “Will do what we can to assist.” But when Eterbase emailed Binance’s support centre, a Binance team member said they could not share any account data without a law enforcement request, according to communications between the two firms seen by Reuters.

Eterbase submitted a criminal complaint to Slovakia’s National Crime Agency. In June, 2021, the agency wrote to Binance requesting information and saying the funds were stolen by “anonymous attackers united under the Lazarus hacking group.” Binance replied that it could not identify accounts connected to the hack. In July, after another, more detailed police request, Binance sent the agency records on 24 accounts, adding they had been empty for over nine months as “the assets have instantly been traded.”

Hillmann said Binance fully cooperated with requests received from Slovakian authorities and helped them to identify the relevant accounts.

The records, reviewed by Reuters, showed the only personal information Binance held on the account holders was their email addresses, many of which were based on misspelt well-known names, such as “bejaminfranklin,” the American founding father, and “garathbale,” the Welsh soccer player. The hackers used virtual private networks to obscure their devices’ locations, the records show.

Within around 20 minutes of opening most of the accounts, the hackers passed an unspecified “security check” allowing them to withdraw crypto, according to the account records. Each account then converted portions of the stolen funds into just under two bitcoin, the withdrawal limit at the time for a basic account without identification.

After the hack, Eterbase stopped its operations and later filed for bankruptcy. Auxt, the company co-founder, said the losses meant Eterbase could no longer cover its expenses. “The hack killed our business,” he said. Victims of the hack are yet to be reimbursed.

“Black hole”

In private, Zhao has bemoaned that Binance needs to carry out checks on its customers. During the 2020 video call, Zhao told staff that know-your-customer rules were “unfortunately a requirement” of Binance’s business.

At times, the compliance team struggled with its workload. In a message to staff in January 2019, Zhao asked other departments to help the compliance team run background checks due to an “overwhelming” number of new users.

According to a group chat among Binance staff, the compliance team sometimes approved accounts with inadequate documentation. A team member complained to colleagues that one user was able to open an account by submitting three copies of the same receipt from a meal at an Indian restaurant. Hillmann said Binance’s know-your-customer checks are now “highly sophisticated” and that it views such rules as both “mandatory and welcome.”

Current and former police officials in five countries told Reuters that criminal groups were among Binance’s growing customer base in recent years.

In late 2019, Konrad Alber, a retired family lawyer in Germany, invested most of his savings on a trading platform he found online. He told Reuters he hoped it would supplement his small pension and allow his wife to stop working to support their life in a village in the Black Forest.

Konrad Alber, a retired lawyer who fell victim to an investment fraud. Angus Berwick/REUTERS

The platform, called Grandefex, promised to “unleash” his money’s potential through a sophisticated algorithm. In an email, a sales representative told Alber, who had little investing experience, that he could double any deposits within a year. Over 18 months, he wired almost 35,000 euros to Grandefex’s bank accounts.

Then, last June, when he asked Grandefex to pay him his expected profits, he discovered his money had been transferred to Binance, emails and bank account records show. Alber begged Grandefex by email to return his funds, telling their finance department he had a “mountain of debt” and was suffering a “nervous breakdown.”

In response, Grandefex told him, “You will simply not receive your money.”

Reuters’ emails and calls to Grandefex went unanswered. In June 2020, Germany’s regulator said the platform was unauthorised and ordered its closure.

Grandefex was one of a string of fake trading websites set up by organised crime groups that have scammed some 750 million euros from European citizens, many of them pensioners, according to German, Austrian and Spanish authorities. Six people involved in police investigations into the scams told Reuters that the groups, which operate call centres in Eastern Europe, have shifted to laundering their gains through crypto exchanges, particularly Binance.

Hillmann said Binance is tackling investment fraud by identifying victims and suspects, and whenever possible, freezing criminal proceeds.

A screenshot of the Grandefex website, one of a string of fake trading sites, according to police.

A Vienna-based non-profit organisation, the European Funds Recovery Initiative, which supports victims of investment fraud, has received around 220 complaints from people whose stolen savings were converted into crypto. Almost two-thirds lost money that was funnelled through Binance, totalling 7.4 million euros, said the initiative’s co-founder, Elfi Sixt. Other investment frauds targeting people in Turkey, Britain and Pakistan also used Binance, authorities have said.

Police officers and lawyers told Reuters that it is harder for fraud victims to recover lost funds when they pass through a crypto exchange. In many countries, consumers can ask their banks to freeze or reimburse stolen funds. Binance requires victims to sign non-disclosure agreements as a condition for temporarily freezing assets and insists on the direct involvement of law enforcement to process claims, according to its website.

Sixt said she has followed this process to no avail. “I’ve never succeeded at getting money back from Binance.” Asked about this, Hillmann didn’t directly respond.

Alber, the retired lawyer, sent a letter to Binance, but said he never heard back. In June 2021, the 67-year-old reported the theft of his savings and their transfer to Binance to local police. The prosecutor’s office in the nearby town of Baden-Baden said his case remains under investigation. Binance said it had no record of Alber’s letter.

At a police station in the Lower Saxony city of Braunschweig, the state cyber crime unit is investigating a similar scam that used Binance. Chief Inspector Mario Krause, two of his investigators and the prosecutor leading the probe detailed the case to Reuters.

Last October, the unit coordinated with Bulgarian authorities to raid a call centre in the capital Sofia, which police said ran hundreds of fake online trading platforms.

They obtained evidence, reviewed by Reuters, including a database showing the operators had taken in deposits totalling 94 million euros. Videos police seized from an employee’s phone depicted what Krause described as a “Wolf of Wall Street” atmosphere at the call centre. Staff rang gongs and popped champagne bottles when they secured big deposits. A scoreboard showed which employee had raked in the most money each week. They partied on yachts and private jets.

In a statement at the time of the raid, the prosecutor’s office said one suspect was arrested. The case prosecutor, Manuel Recha, told Reuters the organisation’s leaders are still at large. The company that ran the call centre, Dortome BG, did not respond to requests to comment.

A cybercrime police unit in Braunschweig, Germany (above) is investigating fraud. Angus Berwick/REUTERS

During the investigation, the cyber unit sought to trace where the stolen funds ended up.

Investigators tracked the money through many layers of bank accounts to Binance and another exchange, U.S.-based Kraken, police said. By the time Binance and Kraken provided account records, the police said the funds had been withdrawn or sent to a “mixer,” a service which anonymises crypto transactions by breaking them up and mixing them with other funds. The personal information held by both exchanges on the accounts was often fake or stolen from victims, the officers said.

Kraken told Reuters it has “bank-grade” customer checks and robust tools to prevent fraud. Kraken disputed that customer information provided to Braunschweig police was fake, saying “every indicator we have suggests these accounts were used by legitimate clients.”

The Germans’ money trail went cold.

Krause said his team was struggling to make progress. “We’re searching for a way out of the black hole,” he said.

In September 2020, a North Korean hacking group known as Lazarus broke into a small Slovakian crypto exchange and stole virtual currency worth some $5.4 million. It was one of a string of cyber heists by Lazarus that Washington said were aimed at funding North Korea’s nuclear weapons programme.

Advertisement

Several hours later, the hackers opened at least two dozen anonymous accounts on Binance, the world’s largest cryptocurrency exchange, enabling them to convert the stolen funds and obscure the money trail, correspondence between Slovakia’s national police and Binance reveals.

In as little as nine minutes, using only encrypted email addresses as identification, the Lazarus hackers created Binance accounts and traded crypto stolen from Eterbase, the Slovakian exchange, according to account records that Binance shared with the police and that are reported here for the first time.

“Binance had no idea who was moving money through their exchange” because of the anonymous nature of the accounts, said Eterbase co-founder Robert Auxt, whose firm has been unable to locate or recover the funds.

Advertisement

Eterbase’s lost money is part of a torrent of illicit funds that flowed through Binance from 2017 to 2021, a Reuters investigation has found.

As her drug use became an everyday habit, she went days without sleep, wracked by hallucinations and depression. “I felt like I was dying, and I liked that feeling,” she said. Eventually, she sought psychiatric help and received therapy. Since then, she just used Hydra to buy cannabis.

State Department reports from 2019 and 2020, without mentioning Hydra or Binance, warned that drug traffickers in Russia were using virtual currencies to launder proceeds. A State Department spokesman declined to comment on Hydra and Binance.

As reported by Reuters in its January investigation, an internal document shows that Binance was aware of the risk of illegal finance in Russia. Binance’s compliance department assigned Russia an “extreme” risk rating in 2020 in an assessment that was reviewed by Reuters. It cited money-laundering reports by the U.S. State Department. Hillmann told Reuters Binance had taken more action against Russian money launderers than any other crypto exchange, citing a ban it imposed on three Russian digital currency platforms that were sanctioned by the United States.

Advertisement

Crypto flows between Binance and Hydra dropped sharply after the exchange tightened its customer checks in August 2021, the data from Crystal Blockchain shows.

“Financial freedom”

For the past five years, Binance has allowed traders on its platform to buy and sell a coin called Monero, a cryptocurrency that offers users anonymity. While bitcoin transactions are recorded on a public blockchain, Monero obscures the digital addresses of senders and receivers. A Beginner’s Guide to Monero by Binance, available on its website, said such coins were “desirable for those seeking true financial confidentiality.”

Zhao has spoken in favour of “privacy coins,” of which Monero is the most traded. During a 2020 video call with staff, a recording of which Reuters reviewed, Zhao said privacy was part of people’s “financial freedom.” He didn’t mention Monero, but said Binance had funded other privacy coin projects.

Monero proved to be popular among Binance users. As of late May, Binance was processing Monero trades worth around $50 million a day, far more than other exchanges, according to data from the CoinMarketCap website.

Law enforcement agencies in Europe and the United States have warned that Monero’s anonymity makes it a potential tool for money launderers. The U.S. Department of Justice, in a 2020 report, said it considered the use of “anonymity enhanced cryptocurrencies” like Monero “a high-risk activity that is indicative of possible criminal conduct.”

Advertisement

On several darknet forums that Reuters reviewed, over 20 users wrote about buying Monero on Binance to purchase illegal drugs. They shared how-to guides with names like DNM Bible, a reference to darknet markets.

“XMR is essential to anyone buying drugs on the Dark web,” wrote one user on the forum Dread, referring to Monero’s ticker symbol. It isn’t possible to contact users through the forum so Reuters was unable to reach these people for comment.

Hillmann told Reuters there were “many legitimate reasons why users require privacy,” such as when opposition groups in authoritarian regimes are denied safe access to funds. Binance opposed anyone using crypto to buy or sell illegal drugs, he said.

Hackers have used Binance to convert stolen funds into Monero.

Darknet users swapped information about buying Monero on Binance to purchase illegal drugs. Photo illustration by Dado Ruvic/REUTERS

In August 2020, hackers hijacked a cryptocurrency wallet belonging to an Australian man named Steve Kowalski by tricking him into downloading malware, Kowalski said in a witness statement to Australian police. They withdrew the 1,400 bitcoin he held in the wallet, worth some $16 million at the time. Kowalski told police he had bought the bitcoin for $500,000 six years earlier and they were a significant portion of his assets.

Advertisement

Investigators hired by Kowalski traced most of his bitcoin through a series of wallets to six Binance accounts, where the coins were exchanged for Monero, according to testimony and blockchain analysis reports filed as part of an ongoing civil complaint Kowalski submitted last year against Binance in Miami-Dade County, Florida. Kowalski declined to comment.

Kowalski’s investigation showed that a U.S. software consultant called Brandon Ng, then living in Florida, controlled most of the Binance accounts. Ng testified to the court that a crypto trading partner, who he knew online only by the username MoneyTree, deposited the bitcoin in his Binance accounts. MoneyTree, Ng said, paid him a 1% commission to convert the bitcoin into Monero on Binance and then transfer it back. A lawyer for Ng, Spencer Silverglate, said MoneyTree likely traded through Ng to shield his identity from Binance. Ng testified that he was not aware he was laundering stolen bitcoin.

MoneyTree did not respond to emails sent by Reuters to an address that Ng provided to the court. Silverglate, the lawyer, said Ng did not steal or launder Kowalski’s bitcoin and was an “innocent downstream trader.”

Ng’s Monero trading had earlier raised alarms at another crypto exchange called Poloniex, based in the United States, where he also had an account. In mid-2019, his Poloniex account was frozen after it was flagged for “high risk exposure” to money laundering due to Monero withdrawals totalling over $1 million, according to a summary filed with the court. Poloniex didn’t respond to a request for comment.

Advertisement

Binance dealt with Ng differently. Kowalski’s private investigators and lawyers contacted Binance soon after the theft, before Ng converted all the funds, and repeatedly asked Binance to permanently freeze Ng’s accounts, their written communications show. The letters, filed with the court, also accuse Binance of not responding to police requests to secure the assets for the duration of their investigation.

Binance imposed a seven-day freeze on the accounts, but then lifted it, allowing Ng to exchange the stolen bitcoin for Monero over several months. In his response to Reuters, Hillmann said law enforcement failed to request a permanent freeze via Binance’s web portal within the seven-day period and then didn’t answer the exchange’s follow-up questions.

A Binance investigation team member told one of the private investigators in a message that “while it is highly likely the paths leading to this account are malicious,” Binance could not prove the accounts were “created to facilitate laundering.” When the investigator persisted, the team member scolded him for “several issues with your tone.”

In a submission last December to the court in Florida, Binance said the case should be dismissed as the court did not have jurisdiction over the company. To determine the matter, the judge has granted discovery, a process where parties request documents from each other.

Hillmann told Reuters that Binance investigates all allegations of misconduct on its platform and takes appropriate action if its investigators uncover wrongdoing.

Eterbase, the Bratislava-based exchange hacked by the North Koreans, sought Binance’s help, too.

After news of the hack by Lazarus, Zhao tweeted on Sept. 9, 2020: “Will do what we can to assist.” But when Eterbase emailed Binance’s support centre, a Binance team member said they could not share any account data without a law enforcement request, according to communications between the two firms seen by Reuters.

Eterbase submitted a criminal complaint to Slovakia’s National Crime Agency. In June, 2021, the agency wrote to Binance requesting information and saying the funds were stolen by “anonymous attackers united under the Lazarus hacking group.” Binance replied that it could not identify accounts connected to the hack. In July, after another, more detailed police request, Binance sent the agency records on 24 accounts, adding they had been empty for over nine months as “the assets have instantly been traded.”

Hillmann said Binance fully cooperated with requests received from Slovakian authorities and helped them to identify the relevant accounts.

The records, reviewed by Reuters, showed the only personal information Binance held on the account holders was their email addresses, many of which were based on misspelt well-known names, such as “bejaminfranklin,” the American founding father, and “garathbale,” the Welsh soccer player. The hackers used virtual private networks to obscure their devices’ locations, the records show.

Within around 20 minutes of opening most of the accounts, the hackers passed an unspecified “security check” allowing them to withdraw crypto, according to the account records. Each account then converted portions of the stolen funds into just under two bitcoin, the withdrawal limit at the time for a basic account without identification.

After the hack, Eterbase stopped its operations and later filed for bankruptcy. Auxt, the company co-founder, said the losses meant Eterbase could no longer cover its expenses. “The hack killed our business,” he said. Victims of the hack are yet to be reimbursed.

“Black hole”

In private, Zhao has bemoaned that Binance needs to carry out checks on its customers. During the 2020 video call, Zhao told staff that know-your-customer rules were “unfortunately a requirement” of Binance’s business.

At times, the compliance team struggled with its workload. In a message to staff in January 2019, Zhao asked other departments to help the compliance team run background checks due to an “overwhelming” number of new users.

According to a group chat among Binance staff, the compliance team sometimes approved accounts with inadequate documentation. A team member complained to colleagues that one user was able to open an account by submitting three copies of the same receipt from a meal at an Indian restaurant. Hillmann said Binance’s know-your-customer checks are now “highly sophisticated” and that it views such rules as both “mandatory and welcome.”

Current and former police officials in five countries told Reuters that criminal groups were among Binance’s growing customer base in recent years.

In late 2019, Konrad Alber, a retired family lawyer in Germany, invested most of his savings on a trading platform he found online. He told Reuters he hoped it would supplement his small pension and allow his wife to stop working to support their life in a village in the Black Forest.

Konrad Alber, a retired lawyer who fell victim to an investment fraud. Angus Berwick/REUTERS

The platform, called Grandefex, promised to “unleash” his money’s potential through a sophisticated algorithm. In an email, a sales representative told Alber, who had little investing experience, that he could double any deposits within a year. Over 18 months, he wired almost 35,000 euros to Grandefex’s bank accounts.

Then, last June, when he asked Grandefex to pay him his expected profits, he discovered his money had been transferred to Binance, emails and bank account records show. Alber begged Grandefex by email to return his funds, telling their finance department he had a “mountain of debt” and was suffering a “nervous breakdown.”

In response, Grandefex told him, “You will simply not receive your money.”

Reuters’ emails and calls to Grandefex went unanswered. In June 2020, Germany’s regulator said the platform was unauthorised and ordered its closure.

Grandefex was one of a string of fake trading websites set up by organised crime groups that have scammed some 750 million euros from European citizens, many of them pensioners, according to German, Austrian and Spanish authorities. Six people involved in police investigations into the scams told Reuters that the groups, which operate call centres in Eastern Europe, have shifted to laundering their gains through crypto exchanges, particularly Binance.

Hillmann said Binance is tackling investment fraud by identifying victims and suspects, and whenever possible, freezing criminal proceeds.

A screenshot of the Grandefex website, one of a string of fake trading sites, according to police.

A Vienna-based non-profit organisation, the European Funds Recovery Initiative, which supports victims of investment fraud, has received around 220 complaints from people whose stolen savings were converted into crypto. Almost two-thirds lost money that was funnelled through Binance, totalling 7.4 million euros, said the initiative’s co-founder, Elfi Sixt. Other investment frauds targeting people in Turkey, Britain and Pakistan also used Binance, authorities have said.

Police officers and lawyers told Reuters that it is harder for fraud victims to recover lost funds when they pass through a crypto exchange. In many countries, consumers can ask their banks to freeze or reimburse stolen funds. Binance requires victims to sign non-disclosure agreements as a condition for temporarily freezing assets and insists on the direct involvement of law enforcement to process claims, according to its website.

Sixt said she has followed this process to no avail. “I’ve never succeeded at getting money back from Binance.” Asked about this, Hillmann didn’t directly respond.

Alber, the retired lawyer, sent a letter to Binance, but said he never heard back. In June 2021, the 67-year-old reported the theft of his savings and their transfer to Binance to local police. The prosecutor’s office in the nearby town of Baden-Baden said his case remains under investigation. Binance said it had no record of Alber’s letter.

At a police station in the Lower Saxony city of Braunschweig, the state cyber crime unit is investigating a similar scam that used Binance. Chief Inspector Mario Krause, two of his investigators and the prosecutor leading the probe detailed the case to Reuters.

Last October, the unit coordinated with Bulgarian authorities to raid a call centre in the capital Sofia, which police said ran hundreds of fake online trading platforms.

They obtained evidence, reviewed by Reuters, including a database showing the operators had taken in deposits totalling 94 million euros. Videos police seized from an employee’s phone depicted what Krause described as a “Wolf of Wall Street” atmosphere at the call centre. Staff rang gongs and popped champagne bottles when they secured big deposits. A scoreboard showed which employee had raked in the most money each week. They partied on yachts and private jets.

In a statement at the time of the raid, the prosecutor’s office said one suspect was arrested. The case prosecutor, Manuel Recha, told Reuters the organisation’s leaders are still at large. The company that ran the call centre, Dortome BG, did not respond to requests to comment.

A cybercrime police unit in Braunschweig, Germany (above) is investigating fraud. Angus Berwick/REUTERS

During the investigation, the cyber unit sought to trace where the stolen funds ended up.

Investigators tracked the money through many layers of bank accounts to Binance and another exchange, U.S.-based Kraken, police said. By the time Binance and Kraken provided account records, the police said the funds had been withdrawn or sent to a “mixer,” a service which anonymises crypto transactions by breaking them up and mixing them with other funds. The personal information held by both exchanges on the accounts was often fake or stolen from victims, the officers said.

Kraken told Reuters it has “bank-grade” customer checks and robust tools to prevent fraud. Kraken disputed that customer information provided to Braunschweig police was fake, saying “every indicator we have suggests these accounts were used by legitimate clients.”

The Germans’ money trail went cold.

Krause said his team was struggling to make progress. “We’re searching for a way out of the black hole,” he said.

Read more!
Advertisement