Crypto is a sphere where it is very easy to deceive a person, there are an incredible number of scams and hacks, crypto is constantly stolen and it is very easy to lose.
In cases of theft, the path of crypto is not tricky: first, the thief takes all the bits or tether from the victim’s wallet to his cold wallet, from where he sells the stolen money in some exchanger. Accordingly, the thief receives real money, and the exchanger receives the stolen cryptocurrency, most often, to its exchange wallet. And then the investigators come into play. Their task is to track where the stolen coins went, and then somehow get them out of there.
In the field of assistance to such victims in Russia, there are guys who are quite well-known in narrow circles – Match Systems, also known as Plain Chain (hereinafter referred to as MS). The guys are smart, they have the competence and ability to search for cryptocurrencies, they effectively protect the interests of their clients for a decent %. But there is one significant but – what tools do they use to achieve this.
Journalists spoke with representatives of one of the victims, and here is his story:
"The work of the MS was set up in a simple way: court and investigator orders, often born in Photoshop and on a color printer, were sent to the exchange (and even directly to TetherLimited). They told about a great criminal case. The legend is as follows: there is Vasya - his crypto was allegedly stolen, the crypto reached the exchange and settled on Petya’s account. In the court or investigator’s order, where this legend is set out, it is written that a criminal case was allegedly initiated on this fact, an account was established on the exchange where the stolen coins went, and the exchange was ordered to first seize Petya’s account by court order, and then lift the seizure with the transfer of funds to Vasya by order of the investigator. At the same time, it is important for the reader to remember that even if the orders were not drawn in Photoshop, and the criminal case really existed, the investigator does not have the right to transfer assets from one person to another by his decision, He can only lift the arrest and that’s all."
We do not know whether in all cases of funds being taken away under this scheme there was initially a fact of funds being stolen from a certain Vasya, but we know for sure that a significant number of court and investigator decisions were directly falsified. By whom and how – read on, it is interesting.
Let’s look at a specific example.
Garantex, Match Systems and document forgery
In January, a person trading cryptocurrency on the Garantex crypto exchange contacted journalists. His deposit of about 25 million rubles was frozen by the exchange and support refused to explain the reasons - a common story for any crypto exchange. During a personal visit to the exchange office with our lawyer, the exchange provided Resolution of the Basmanny District Court of Moscow No. 3/1-2/2023 dated 01/18/2023 on the seizure of a cryptocurrency deposit account belonging to the exchange and listed for a specific user - our principal.
At the same time, technical errors were immediately found in the resolution: the deposit account of the USD Tether cryptocurrency, or USDT, in the Tron network (TRC20) did not begin with the letter with which accounts in this network begin. It began with S, and such addresses should begin with the letter T. In addition, the resolution did not indicate the period of arrest or information about the account owner, suddenly this is a special subject - the investigation did not check. But the latter is a trifle and is regularly allowed by real courts. Also indicated were the date of initiation, the number of the criminal case and the qualification - Part 4 of Article 159 of the Criminal Code of the Russian Federation, fraud. Moreover, from the initiation of the criminal case to the issuance of the court order on arrest, 3 weeks passed, one and a half of which fell on the New Year holidays.
At that moment, doubts about the validity of the resolution arose, but there was no certainty. As a former investigator, I knew very well that it was practically impossible to obtain a court order to seize a cryptocurrency account in such a short time - this is basically on the verge of fantasy, because:
a) no government agencies know how to work with cryptocurrency and don’t like it;
b) the court ruling does not indicate the Garantex exchange, which owns this deposit account, does not indicate the account owner, there is no period of arrest, there is no amount of arrest in the operative part, and so on.
Clarification: the authenticity of the Resolution could be verified immediately, in just 2 minutes, by anyone who wanted to. Go to the website https://mos-gorsud.ru/rs/basmannyj/search, enter the resolution number 3/1-2/2023 and easily download the actual resolution via the link https://mos-gorsud.ru/rs/basmannyj/cases/docs/content/852a0270-8b54-11ed-8108-359a2851742a. The current resolution was issued on a completely different fact and a different criminal case.
In this regard, the victims contacted one of the Match Systems employees, whom they had previously known and who had been involved in cryptocurrency theft cases. He explained that they were handling this case, representing the interests of the victims, had traced the stolen cryptocurrency to Garantex and had helped the investigation freeze this account. Regarding the typo with the account address, he explained that it was simply a technical error.
News on the topic: Yanukovych was summoned to the investigator
He also told a story about how 400,000 USDT was stolen from a certain Vasya, that is, 400,000 US dollars or about 27 million rubles on the date of the court ruling. The funds were allegedly stolen by a certain hacker from a certain resident of Moscow, of the allegedly stolen funds he managed to sell - that is, sell to our client - only 150,000 USDT, or about 10 million rubles, and the remaining cryptocurrency was frozen in the cryptocurrency accounts of the thief himself through TetherLimited itself. Thus, our client, according to Match Systems, acquired 150,000 USDT of criminal origin. At the time of the arrest, there was just a comparable amount of about 400,000 USDT in the client’s account, where the remaining 250,000 USDT were the legal property of the client.
It is worth noting that the principal had no idea about the criminal nature of the origin of the funds and has nothing to do with any theft, even if it actually took place, and therefore cannot bear financial responsibility for the actions of the mythical hacker.
It is also important to note that during the investigation, it is impossible to deprive a person of property rights, it is only possible to seize the property. And the property of a witness cannot be seized indefinitely, according to Part 3 of Article 115 of the Criminal Procedure Code of the Russian Federation. Property can only be deprived of by a court decision, in this case - by a guilty verdict against anyone. But even so, if our person is not an accused, the court can decide to take away from him only that part of the criminal coins that he acquired. And, in addition, we know very well that such thefts of cryptocurrency have a zero detection rate and never lead to the capture of the real criminal and his trial, and therefore to a court decision to take something from someone and return it to the victim.
Then the person from Match Systems said that he offered the principal to voluntarily return 150,000 USDT to the victim and keep his own 250,000 USDT. Otherwise, all funds would be confiscated from him, including his own, to which the alleged victim had access. To my reasonable question, how could anything be taken from him before the trial, especially if he is not the accused, the case is not going to court, no one has found the real hacker, etc., in response I heard that they would resolve this issue. That is, there was an obvious hint at illegal methods.
The journalists applied to the Basmanny Court with the ruling they had received at the exchange. A few days later, the court summoned us, and the stunned judge issued a certificate stating that such a ruling had not been issued by the court. She also reported that a criminal case under such a number was being investigated under Article 111 of the Criminal Code of the Russian Federation - grievous bodily harm, and that the Investigative Committee of the Russian Federation would be investigating this forgery. At the same time, the lawyer in Moscow began receiving threats through intermediaries from employees of the Basmanny District Department of Internal Affairs, and the person from Match Systems, who had issued illegal ultimatums, deleted the correspondence in Telegram.
Thus, we have become convinced of the dishonesty of Match Systems. From the words of their person that typos in the court ruling can be easily corrected, and funds from the account can be written off right during the investigation, it became obvious that they have a direct relation to this. But even this is not the main evidence. The point is that without their participation, their software and knowledge, no investigators of the Basmanny Department of the Ministry of Internal Affairs would have been able to trace the path of the stolen cryptocurrency (even if the theft had actually taken place) to the Garantex wallet.
Let us remind you that Garantex is sanctioned, does not mark its wallets and hides their addresses from monitoring services like Crystalblockchain. The Ministry of Internal Affairs of the Russian Federation does not officially have access to such systems, since they were developed by companies from unfriendly countries and are prohibited for sale in the Russian Federation (spoiler - they still use them in circumvention of restrictions and copyrights, but mainly by the UNK and OBK departments). Ordinary employees of district police departments do not have the experience and skills to use even the publicly available service https://tronscan.org/ for monitoring transactions in the Tron network, let alone the complex Crystal.
It is important to clarify that we still do not know if the original theft of cryptocurrency that they told us about took place, but these people have not yet provided any real evidence of such a fact.
Let us recall that earlier the publication Rucriminal.info wrote that Match systems fictitiously split up in order to hide the founders’ connection with the Russian law enforcement agencies.
Who is behind Match systems?
And finally, who are they, the werewolves in uniform who decided to get rich on the imperfections of cryptocurrency compliance systems, the oversight (or collusion) of exchanges and attract investors’ money for this, telling tales about a successful software startup "from Singapore".
Founders:
1. Dorzhinov Ays Nikolaevich, former analyst of the Internet Security Center of the FSB of the Russian Federation, lives in Dubai, UAE, co-founder of Match systems, is responsible for analytics and investigations, "borrowed" databases of marked addresses, leaving the FSB.
2. Kutin (also Kutin) Andrey Olegovich, lives in Dubai, UAE, former operative of the Main Directorate for Drug Control of the Ministry of Internal Affairs of the Russian Federation, CEO (Gendir) Match systems, actively travels and attends crypto and security events on behalf of the company, married to the daughter of a former high-ranking official associated with the oil business.
3. Georgy Rakhaev, lawyer, Moscow City, Federation Tower, office 4207, co-founder and investor in Match systems, actually provides "legalization" and contacts with werewolves in uniform, active lawyer of the Moscow Region Bar Association 50/9246 (this investigation was sent to the Bar Association for a petition to revoke the license), creator of a fraudulent law firm collecting orders for Match systems