Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections

What? Yogurt Monster isn't really a legitimate customer's name?!

A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.

Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.

According to an agreement [PDF] with prosecutors to plead guilty, Randol said he operated a virtual-currency money company called Bitcoins4Less, and later Digital Coin Strategies, between October 2017 and July 2021. The business offered cash for Bitcoin and vice versa, with Randol collecting a commission on the payouts.

Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.

To stay on the right side of American law, Randol should have verified and recorded their identities.

In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee. 

Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.

The business man also operated a network of automated kiosks in Southern California that converted cash to crypto, or Bitcoin to cash. And he used snail mail for his operation: unknown individuals mailed "large amounts of US currency" to his post office boxes, and Randol conducted Bitcoin-for-cash transactions for these shady individuals, too. 

"Additionally, when defendant received the packages, the cash was often packaged in a suspicious manner, including inside hidden children's books, concealed inside fake birthday or holiday presents, buried within puzzle pieces, or wrapped within multiple magazines," the court documents say.

FBI agents interviewed Randol about fraud proceeds that had been mailed to his post office boxes in June 2019. Two days later, Randol told a customer he was taking a "hiatus" from converting cash parcels into cryptocurrency because he "ran into an issue" with the Feds. Shortly after, however, Randol agreed to exchange $10,000 in cash for Bitcoin for this same anonymous punter. 

Regulations are what brought him down

Randol advertised his services on his website, and third-party sites like, which court documents say "falsely represented that Digital Coin Strategies was 'a fully compliant FinCEN registered money services business.'"

FinCEN, or the Financial Crimes Enforcement Network, is the US regulatory body that ensures money services businesses comply with the Bank Secrecy Act. The federal law requires such firms develop and maintain an anti-money laundering program, file reports for exchanges of currency larger than $10,000, conduct due diligence on customers, and file suspicious activity reports intended to prevent money laundering and other financial crimes.

"In truth, and as detailed below, defendant intentionally and willfully failed to comply with his obligations under the Bank Secrecy Act," according to the plea agreement.

Specifically, Randol failed to collect "appropriate information" about his customers, file transaction reports, and notify the government of "repeated" suspicious transactions.

His biz had a written anti-money laundering policy "to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities," that said Digital Coin Strategies would take the above-mentioned actions to comply with the federal law. 

Of course, the firm did not take any of these measures to prevent money laundering.

Randol did hire a compliance officer in September 2020, but he ignored this executive's advice to stop using accounts labeled "test" for customer transactions on Bitcoin kiosks. This person also warned Randol that his in-person transactions increased his risk of running afoul of the law, but Randol ignored that tip, too.

Although the plea agreement was filed on Tuesday, Randol will formally plead guilty to the charge in court at some point during the next few weeks. ®

Send us news

Bitcoin's thirst for water is just as troubling as its energy appetite

A single transaction chugs 6.2 million times more than a credit card swipe

Uncle Sam probes cyberattack on Pennsylvania water system by suspected Iranian crew

CISA calls for stronger IT defenses as Texas district also hit by ransomware crew

US cybercops take on 'pig butchering' org, return $9M in scammed crypto

Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'

Leader of pro-Russia DDoS crew Killnet 'unmasked' by Russian state media

Also: NXP China attack, Australia can't deliver on ransom payment ban (yet), and Justin Sun's very bad month

MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen

Real-life impact of buggy software laid bare – plus: Avast tries to profit from being caught up in attacks

Scores of US credit unions offline after ransomware infects backend cloud outfit

Supply chain attacks: The gift that keeps on giving

Mirai malware infects routers and cameras for new botnet

Akamai sounds the alarm – won't name the manufacturers yet

Rogue ex-Motorola techie admits cyberattack on former employer, passport fraud

Pro tip: Don't use your new work email to phish your old firm

'Serial cybercriminal and scammer' jailed for 8 years, told to pay back $1.2M

Crook did everything from SIM swaps to fake verified badge scams

Top Ukrainian cyber officials fired after allegedly pocketing kickbacks from govt IT deals

Duo probed over alleged $2M embezzlement plot

Clorox CISO flushes self after multimillion-dollar cyberattack

Plus: Ransomware crooks file SEC complaint against victim

Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked

White hat bounty looks more like a beg bounty