Guilty to Innocent: Blockchain Saves Two Venezuelans in Bancar Case

Straight to prison without passing Go – Cryptocurrency hacks usually grab the headlines. The same goes for the arrests of their perpetrators. The arrest of two high-profile individuals linked to an attack on the Bitfinex exchange in 2016 is a case in point. In November 2020, Venezuelan authorities arrested two software developers. The two partners were suspected of having stolen approximately $1 million in bitcoin from a local exchange called Bancar. Now cleared thanks to the blockchain, Mendoza and Diaz have always maintained their innocence. Here is their story.

Bancar exchange hack

It all starts in 2018, when Bancar hires POSINT to help build a cryptocurrency exchange. Jose Manuel Osorio Mendoza and Kelvin Jonathan Diaz are employees of this Venezuelan software development company. After developing the platform, which was endorsed by the Maduro government, the company handed over the source code to Bancar.

A year later, 103.99 bitcoin, worth about $1 million, disappears from the exchange during a cyber attack. Five separate transactions are used to steal the bitcoins (BTC) from the platform: the hacker performs three transactions on 4 September 2019 and the other two on 7 September 2019, then disappears on the blockchain with the loot.

A hacker attacked the Bancar exchange in September 2019.

Immediately, Bancar is suspicious of POSINT, the company that developed the software Bancar uses. Mendoza and Diaz’s teammate Danny Penagos performs some minor tracing and discovers that the stolen bitcoins (BTC) are on Binance. He informs Bancar by email and advises them to hire CipherBlade to investigate the hack, or to contact Binance to try to get a refund.

“I don’t think a professional attacker or hacker would deposit that amount of money on an exchange as big as Binance.”

Danny Penagos, COO of POSINT

A year later, in December 2020, local media reported that the Venezuelan authorities had arrested two people. Mendoza and Diaz were the prime suspects in the investigation into this attack. At the time, Mendoza was chief technology officer of POSINT and Diaz one of the company’s lead developers. After his colleagues are arrested, Penagos tries to contact Binance himself but receives no answer. He then turns to CipherBlade, a blockchain investigation agency, in order to prove Mendoza and Diaz’s innocence.

In Venezuela, police arrested Mendoza and Diaz, both suspected of stealing $1 million worth of bitcoin from local platform Bancar.
Mendoza and Diaz are the number one suspects and end up in custody.


Transaction Analysis and Monitoring with CipherBlade

Less than a month after the investigation began, CipherBlade has traced in great detail the money stolen from Bancar. Once the 103.99 BTC was removed from the exchange, the perpetrator deposited the stolen bitcoins to two separate addresses. The stolen bitcoin (BTC) then finally converged on an address on Binance.

“We first saw all the funds go to Binance. However, we were able to find out that the address the funds went to was not a personal Binance account belonging to the hacker. It was some kind of service.”

Paul Sibenik, Case Manager, CipherBlade

Binance then informs investigators that the address is linked to a company based in Moscow that offers over-the-counter (OTC) trading services. Bancar’s stolen funds therefore first ended up at two addresses belonging to the thief, who then used the company to convert the bitcoin (BTC) into another asset. In other words, the perpetrator used the OTC service to launder the stolen bitcoins before they were sent to his Binance account.

A Bitcoin thief on Bancar uses an OTC service to launder his loot.

CipherBlade decides to request information from the OTC service. However, the Russian company is uncooperative. Binance comes to the rescue: the well-known exchange helps CipherBlade by requesting the source of these funds from the service. An exchange may make such a request to its clients, asking them to explain the origin of the funds or assets deposited on the platform.

“The first thing is that anyone who was a customer at the time knew they had no requirements. They didn’t care who they were dealing with or where the money came from. I highly respect aliases and privacy, but there are also ethical values. This case was critical: there were two people in prison.”

Miguel Alonso Torres, Senior Investigator at CipherBlade

The OTC service finally shares the information. This allows CipherBlade to piece everything together: investigators now have the thief’s IP address, his Telegram ID, his ISP, and his web browser. All of the information points to a Russian national.

Mendoza and Diaz released, Sweex sanctioned

In the end, the Venezuelan court agreed to review the CipherBlade report. Based on the results of the investigation, in January 2021 the court grants Mendoza and Diaz conditional release. In August 2021, the court formally dismisses all charges against them.

“It turns out that Mendoza and Diaz were really scapegoats.”

Paul Sibenik, Case Manager, CipherBlade

The US Treasury has imposed sanctions on the OTC service.

Moreover, in September, the OTC service becomes the first exchange to be sanctioned by the Office of Foreign Assets Control (OFAC) of the US Treasury Department. The platform is now in the same category as terrorists and drug dealers. Immediately afterwards, Binance, which participated in the CipherBlade investigation, removes the exchange platform’s accounts.

Intelligence company CipherBlade also describes in its report steps that the Venezuelan authorities can take to find the culprit and close the case. We do not know whether the Venezuelan authorities later pursued the individual concerned. Either way, CipherBlade is hopeful.

Flaws discovered at Bancar

CipherBlade also examined the Bancar server. The intelligence company found a number of flaws that could expose the platform to attacks. In fact, the investigation reveals more than 7,000 spam web pages on the exchange server that were not generated by Bancar. A simple site search returns pages with any kind of content, from Russian brides to car rentals.

7000 spam web pages have been detected on Bancar server.

CipherBlade also found that the platform’s SSL certificate, which authenticates the identity of the site, had been installed correctly but was revoked in December 2020, one year after the hack. An SSL certificate can be revoked for a number of reasons, including the possibility that its private keys were compromised.

“As with banks and other traditional financial institutions, when illicit flows pass through exchanges, the exchange itself does not harbor criminal groups, but rather acts as an intermediary.”

Statement from a spokesperson for the Binance Exchange

The company of Miguel Alonso Torres, principal investigator at CipherBlade, works on a wide variety of cases, from hacking to theft to divorces where the husband does not reveal his crypto holdings. However, getting two suspects released is a first for Torres.

“Having someone in prison and being asked to investigate the hack just to prove in court that they are innocent is completely unique. I have never had a case like this before.”

Miguel Alonso Torres, Senior Investigator at CipherBlade

The demand for blockchain intelligence services to track illicit transactions is booming. The blockchain intelligence firm Chainalysis is proof of this. This company also estimates that in 2021, $8.6 billion was laundered in cryptocurrency.

With their sophisticated tools, crypto investigators are scouring the blockchain to catch the perpetrators of illegal activities… or exonerate those wrongly accused.
