Friday, 19 July 2024 11:42

The judge issued a certificate stating that she had not issued such a ruling

How former FSB and Russian Interior Ministry employees are deceiving global crypto exchanges and robbing their clients.

At the end of 2023, the editorial board published a series of investigations that lifted the veil of secrecy over the beneficiaries of the Garantex exchange. The other day, the media outlet also introduced readers to the work of Match systems, aka Plain chain, which positions itself as a blockchain investigator. Today’s topic intertwines Garantex, Match systems, former FSB employees, current investigators of the Ministry of Internal Affairs of the Russian Federation and, of course, scams for gigantic sums.

Crypto is an area where it is very easy to deceive a person: there is an incredible amount of scams and hacks, crypto is constantly stolen and it is very easy to lose. In cases of theft, the path of the crypto is not complicated: first, the thief moves all the bits or tether from the victim’s wallet to his own cold wallet, and from there he sells the stolen funds through some exchanger. The thief thus receives real money, and the exchanger receives the stolen cryptocurrency, most often to its exchange wallet. And here the investigators come into play. Their task is to track where the stolen coins went, and then somehow get them out of there.

Assistance to victims of this kind is the playing field of people who are quite well known in narrow circles: Match Systems, also known as Plain Chain (hereinafter referred to as MS). They are smart, they have the competence and ability to trace cryptocurrencies, and they effectively protect the interests of their clients for a decent percentage. But there is one significant "but": what tools they use to achieve this. The media talked to representatives of one of the victims; here is his story:

"The work of the MS was set up in a simple way: court and investigator orders, often born in Photoshop and on a color printer, were sent to the exchange (and even directly to TetherLimited). They told about a great criminal case. The legend is as follows: there is Vasya - his crypto was allegedly stolen, the crypto reached the exchange and settled on Petya’s account. In the court or investigator’s order, where this legend is set out, it is written that a criminal case was allegedly initiated on this fact, an account on the exchange was established where the stolen coins went, and the exchange was ordered to first seize Petya’s account by court order, and then lift the seizure with the transfer of funds to Vasya by the investigator’s order. At the same time, it is important for the reader to remember that even if the decisions were not drawn in Photoshop, and the criminal case actually existed, the investigator does not have the right to transfer assets from one person to another by his decision; he can only lift the arrest and that’s all. 

We do not know whether in all cases of funds being taken away under this scheme there was initially a fact of funds being stolen from a certain Vasya, but we know for sure that a significant number of court and investigator decisions were directly falsified. By whom and how – read on, it is interesting.

Let’s look at a specific example. 

Garantex, Match Systems and document forgery. A series of bedtime stories.

In January, a person trading cryptocurrency on the Garantex crypto exchange contacted us. His deposit of about 25 million rubles was frozen by the exchange and the support refused to explain the reasons - a common story for any crypto exchange. During a personal visit to the exchange office with our lawyer, the exchange provided Resolution of the Basmanny District Court of Moscow No. 3/1-2/2023 dated 01/18/2023 on the seizure of a cryptocurrency deposit account belonging to the exchange and listed for a specific user - our principal. At the same time, technical errors were immediately found in the resolution: the deposit account of the USD Tether cryptocurrency, or USDT, in the Tron network (TRC20) did not begin with the same letter as the accounts in this network. It started with S, and such addresses should start with the letter T. In addition, the order did not specify the period of arrest or the details of the account owner, in case he was a special subject - the investigation did not check. But the latter is a trifle and is regularly allowed by real courts. The date of initiation, the number of the criminal case and the qualification were also indicated - Part 4 of Article 159 of the Criminal Code of the Russian Federation, fraud. Moreover, from the initiation of the criminal case to the issuance of the court order on arrest, 3 weeks passed, one and a half of which fell on the New Year holidays. 
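The address discrepancy described above can be checked mechanically before an exchange acts on a document. The following is an added example, not part of the original article or of any exchange's tooling: it verifies that a string is a well-formed Tron mainnet address (34 Base58 characters, version byte 0x41, which is what produces the leading "T", and a double-SHA-256 checksum). The function names and the sample account bytes are assumptions made for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
TRON_VERSION = 0x41  # mainnet version byte; it forces the leading "T"


def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_tron_address(account20: bytes) -> str:
    """Encode a 20-byte account id; used here only to build test data."""
    if len(account20) != 20:
        raise ValueError("account id must be 20 bytes")
    payload = bytes([TRON_VERSION]) + account20
    n = int.from_bytes(payload + _checksum(payload), "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out


def check_tron_address(addr: str) -> str:
    """Return "ok" or the first reason addr cannot be a Tron address."""
    if len(addr) != 34:
        return "wrong length"
    n = 0
    for ch in addr:
        idx = B58.find(ch)
        if idx < 0:
            return "invalid Base58 character"
        n = n * 58 + idx
    raw = n.to_bytes(25, "big")  # 34 Base58 digits always fit in 25 bytes
    if raw[0] != TRON_VERSION:
        return "bad version byte"
    if _checksum(raw[:21]) != raw[21:]:
        return "checksum mismatch"
    return "ok"


# Constructed sample: an address built from made-up account bytes,
# not an address taken from the article or from any real account.
SAMPLE = encode_tron_address(bytes(range(1, 21)))
```

A leading letter other than "T" fails at the version byte, and a mistyped character elsewhere in the string fails the checksum, so an address that does not pass cannot exist on the network.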


At that moment, I already had doubts about the validity of the ruling, but I was not sure. As a former investigator, I knew very well that it was practically impossible to obtain a court order to seize a cryptocurrency account in such a short time - this is basically on the verge of fantasy, because: a) no government agencies know how to work with cryptocurrency and do not like it; b) the court order does not indicate the Garantex exchange, which owns this deposit account, does not indicate the owner of the account, there is no term of seizure, there is no amount of seizure in the operative part, and so on.

Clarification: the authenticity of the Resolution could have been verified immediately, in just 2 minutes, by anyone who wanted to. Go to the website  https://mos-gorsud.ru/rs/basmannyj/search , enter the resolution number 3/1-2/2023 and easily download the actual resolution via the link  https://mos-gorsud.ru/rs/basmannyj/cases/docs/content/852a0270-8b54-11ed-8108-359a2851742a  . The current resolution was issued on a completely different fact and a different criminal case. I didn’t think to do this right away, since in Yekaterinburg, where I live and work, district courts do not post materials from such proceedings on the website (the websites have different engines).

In this regard, I contacted one of the Match Systems employees, whom I had previously known, and I knew that they were handling cases of cryptocurrency theft. He himself explained to me that they were handling this case, representing the interests of the victims, tracking the stolen cryptocurrency to Garantex and helping the investigation freeze this account. Regarding the typo with the account address, he explained that it was simply a technical error. He also told a story about how 400,000 USDT was stolen from a certain Vasya, that is, 400,000 US dollars or about 27 million rubles on the date of the court ruling. The funds were allegedly stolen by a certain hacker from a certain Moscow resident, of the allegedly stolen funds he managed to sell - that is, sell to our client - only 150,000 USDT, or about 10 million rubles, and the remaining cryptocurrency was frozen in the cryptocurrency accounts of the thief himself through TetherLimited itself. Thus, our client, according to Match Systems, acquired 150,000 USDT of criminal origin. At the time of the arrest, the client’s account contained a comparable amount of about 400,000 USDT, where the remaining 250,000 USDT were the client’s legal property. 

Garantex, Match Systems and document forgery. A series of bedtime stories. Part 3.


It is worth noting that the principal had no idea about the criminal nature of the origin of the funds and has nothing to do with any theft, even if it actually took place, and therefore cannot bear financial responsibility for the actions of the mythical hacker. 

It is also important to note that during the investigation, it is impossible to deprive a person of property rights, it is only possible to seize the property. And the property of a witness cannot be seized indefinitely, according to Part 3 of Article 115 of the Criminal Procedure Code of the Russian Federation. Property can only be deprived of by a court decision, in this case - by a guilty verdict against anyone. But even so, if our person is not an accused, the court can decide to take away from him only that part of the criminal coins that he acquired. And, in addition, we know very well that such thefts of cryptocurrency have a zero detection rate and never lead to the capture of the real criminal and his trial, and therefore to a court decision to take something from someone and return it to the victim. 

Then the person from Match Systems told me that he offered the principal to voluntarily return 150,000 USDT to the victim and keep his own 250,000 USDT. Otherwise, all funds would be confiscated from him, including his own, to which the alleged victim had access. To my reasonable question of how anything could be taken from him before the trial, especially if he was not the accused, the case would not go to court, no one had found the real hacker, etc., in response I heard that they would resolve this issue. That was an obvious hint at illegal methods. I grinned, said goodbye, and went to dig on my own.

We applied to the Basmanny Court with the ruling we received at the exchange. A few days later, the court summoned us, and the stunned judge issued a certificate stating that such a ruling had not been issued by the court. She also said that a criminal case under such a number was being investigated under Article 111 of the Criminal Code of the Russian Federation - grievous bodily harm, and that the Investigative Committee of the Russian Federation would be investigating this forgery. At the same time, our lawyer in Moscow began receiving threats through intermediaries from employees of the Basmanny District Department of Internal Affairs, and the person from Match Systems, who had issued illegal ultimatums, deleted my correspondence in Telegram. 

Thus, we are convinced of the dishonesty of Match Systems. From the words of their person that typos in the court order can be easily corrected, and funds from the account can be written off right during the investigation, it became obvious that they have a direct relation to this. But even this is not the main evidence. The point is that without their participation, their software and knowledge, no investigators of the Basmanny Department of the Ministry of Internal Affairs would have been able to trace the path of the stolen cryptocurrency (even if the theft actually took place) to the Garantex wallet. And we remind you that Garantex is sanctioned, does not mark its wallets and hides their addresses from monitoring services like Crystalblockchain. The Ministry of Internal Affairs of the Russian Federation officially does not have access to such systems, since they are developed by companies from unfriendly countries and are prohibited for sale in the Russian Federation (spoiler - they still use them to circumvent restrictions and copyrights, but mainly by the UNK and OBK departments). Ordinary employees of district police departments do not have the experience and skills to use even the publicly available service  https://tronscan.org/  for monitoring transactions in the Tron network, let alone the complex Crystal.


It is important to clarify that we still do not know whether the initial theft of cryptocurrency took place, as they told us, but these people have not yet provided any real evidence of such a fact. After the publication of the story about the detention of investigator Shakina, representatives of Match Systems, of course, began to deny involvement - they say that the cops themselves drew something there, and they are honest crypto investigators helping victims. Yeah, they didn’t stand with a candle, we believe them.

As previously reported by the media, Match Systems fictitiously split up to hide the founders’ connection with Russian law enforcement agencies.

And finally, who are they, the werewolves in uniform who decided to get rich on the imperfections of cryptocurrency compliance systems, the oversight (or collusion) of exchanges and attract investors’ money for this, telling tales about a successful software startup "from Singapore".

Founders

1. Dorzhinov Ice Nikolaevich

former analyst of the Internet Security Center of the FSB of the Russian Federation

lives in Dubai, UAE

Co-founder of Match systems, responsible for analytics and investigations, "borrowed" databases of tagged addresses after leaving the FSB

2. Kutin (also Kutin) Andrey Olegovich

lives in Dubai, UAE

former operative of the Main Directorate for Drug Control of the Ministry of Internal Affairs of the Russian Federation

CEO Match systems

actively travels and attends crypto and security events on behalf of the company, and is married to the daughter of a former high-ranking official associated with the oil business.

3. Georgy Rakhaev

advocate 

Moscow city, Federation tower, office 4207

co-founder and investor in Match systems, effectively providing "legalization" and contacts with werewolves in uniform

active lawyer of the Moscow Region Bar Association 50/9246 (this investigation was sent to the Bar Association for a petition to revoke the license) creator of a fraudulent law firm collecting orders for Match systems

But there’s more to come. 

New facts about this scam will follow in the next publication.

To be continued