Alleged Bitcoin Thief in Dark Web Phishing Scheme Arrested

Russia Hackers Arrest

A man accused of stealing bitcoin from darknet marketplace accounts after tricking users to reveal their credentials via a phishing scheme has been arrested and sees multiple marches.

Michael Richo, a 34-year-old from Wallingford, Connecticut was arrested yesterday by the FBI following a criminal complaint against him.

The complaint alleges that Richo devised an online phishing scheme to steal bitcoins from several individuals on the dark web, according to a notice by Department of Justice (DOJ).

Richo’s phishing scheme saw at least 10,000 stolen usernames and passwords saved on his computer, the complaint alleges.

Lucrative Phishing Hole

Targeting an ecosystem that sees Bitcoin as its primary currency, Richo allegedly posted fake phishing links within online marketplaces on dark web forums. As any good phishing scheme, the links redirected unfortunate individuals to a fake URL and a legit-enough login page, where users entered their credentials. This information was then accessible by RIcho, who was able to access the victims’ marketplace accounts with their stolen credentials.


According to the complaint, Richo then monitored the balances of accounts he compromised, before withdrawing any bitcoins deposited by the targeted individual into the account. The stolen bitcoins were then deposited into Richo’s own bitcoin wallet.

Richo then sold the bitcoins to others for fiat U.S. dollars, which was deposited into a bank account that Richo had control over.

The complaint laid out a number of charges including access device fraud, computer fraud, wire fraud, identity theft and money laundering.

Following his arrest yesterday, Richo was released on a $100,000 bond on the same day.

If convicted across a number of charges, the maximum term of imprisonment for each charge were revealed to be 20 years for money laundering; 20 years for wire fraud, 10 years for access device fraud, five years for computer fraud and; a mandatory term of two years for aggravated identity theft.

Earlier this year, the DOJ revealed its first ever bitcoin-related case where one man was charged with operating an unlicensed money transmitting business, with two others charged with money laundering and other related infringements.

Images from Shutterstock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.