Security

Cyber-crime

Guy who ran Bitcoins4Less tells Feds he had less than zero laundering protections

What? Yogurt Monster isn't really a legitimate customer's name?!


A California man has admitted he failed to bake anti-money laundering protections into his cryptocurrency exchange, thus allowing scammers and drug traffickers to launder millions of dollars through the service.

Charles James Randol, 33, who is now due to be sentenced, faces a maximum of five years in federal prison and three years supervised release, plus a fine of up to $250,000 or twice the total illicit proceeds from the scams, whichever amount is greater.

According to an agreement [PDF] with prosecutors to plead guilty, Randol said he operated a virtual-currency money company called Bitcoins4Less, and later Digital Coin Strategies, between October 2017 and July 2021. The business offered cash for Bitcoin and vice versa, with Randol collecting a commission on the payouts.

Randol provided cryptocurrency exchange services in various ways, including via the post, ATMs, and occasionally in person, prosecutors told a Los Angeles federal court on Tuesday. The Santa Monica man would handle crypto-cash transactions exceeding $10,000 without knowing who his customers were – folks known only as "Puppet Shariff," "White Jetta," "Aaavvv," "Aaaa," and "Yogurt Monster," for example – which is hardly in line with regulatory requirements.

To stay on the right side of American law, Randol should have verified and recorded their identities.

In his plea agreement, the cryptocurrency dealer admitted to three in-person transactions between October 2020 to January 2021 in which he gave an undercover FBI agent a total of $273,940 in cash for Bitcoin, and kept a four percent commission fee. 

Randol "did not request a name, proof of identity, social security number, or any other information about [the undercover agent] or the source of the funds being exchanged," the plea agreement says.

The business man also operated a network of automated kiosks in Southern California that converted cash to crypto, or Bitcoin to cash. And he used snail mail for his operation: unknown individuals mailed "large amounts of US currency" to his post office boxes, and Randol conducted Bitcoin-for-cash transactions for these shady individuals, too. 

"Additionally, when defendant received the packages, the cash was often packaged in a suspicious manner, including inside hidden children's books, concealed inside fake birthday or holiday presents, buried within puzzle pieces, or wrapped within multiple magazines," the court documents say.

FBI agents interviewed Randol about fraud proceeds that had been mailed to his post office boxes in June 2019. Two days later, Randol told a customer he was taking a "hiatus" from converting cash parcels into cryptocurrency because he "ran into an issue" with the Feds. Shortly after, however, Randol agreed to exchange $10,000 in cash for Bitcoin for this same anonymous punter. 

Regulations are what brought him down

Randol advertised his services on his website, and third-party sites like localbitcoins.com, which court documents say "falsely represented that Digital Coin Strategies was 'a fully compliant FinCEN registered money services business.'"

FinCEN, or the Financial Crimes Enforcement Network, is the US regulatory body that ensures money services businesses comply with the Bank Secrecy Act. The federal law requires such firms develop and maintain an anti-money laundering program, file reports for exchanges of currency larger than $10,000, conduct due diligence on customers, and file suspicious activity reports intended to prevent money laundering and other financial crimes.

"In truth, and as detailed below, defendant intentionally and willfully failed to comply with his obligations under the Bank Secrecy Act," according to the plea agreement.

Specifically, Randol failed to collect "appropriate information" about his customers, file transaction reports, and notify the government of "repeated" suspicious transactions.

His biz had a written anti-money laundering policy "to prohibit and actively prevent money laundering and any activity that facilitates money laundering or the funding of terrorist or criminal activities," that said Digital Coin Strategies would take the above-mentioned actions to comply with the federal law. 

Of course, the firm did not take any of these measures to prevent money laundering.

Randol did hire a compliance officer in September 2020, but he ignored this executive's advice to stop using accounts labeled "test" for customer transactions on Bitcoin kiosks. This person also warned Randol that his in-person transactions increased his risk of running afoul of the law, but Randol ignored that tip, too.

Although the plea agreement was filed on Tuesday, Randol will formally plead guilty to the charge in court at some point during the next few weeks. ®

Send us news
14 Comments

SEC SIM-swapper who Googled 'signs that the FBI is after you' put behind bars

Proving yet again that crims are bad at search hygiene

Snowflake CISO on the power of 'shared destiny' and 'yes and'

Lessons learned from last year's security snafu

Ex-NSA bad-guy hunter listened to Scattered Spider's fake help-desk calls: 'Those guys are good'

Plus, Co-op tells The Reg: 'we took early and decisive action' to block the crooks

Türkiye-linked spy crew exploited a messaging app zero-day to snoop on Kurdish army in Iraq

'MarbledDust' gang has honed the skills it uses to assist Ankara

Fired US govt workers, Uncle Xi wants you! – to apply for this fake consulting gig

Phony LinkedIn recruitment ads? Groundbreaking

DoorDash scam used fake drivers, phantom deliveries to bilk $2.59M

Entire process took less than five minutes, prosecutors say

Cyber fiends battering UK retailers now turn to US stores

DragonForce-riding ransomware ring also has 'shiny object syndrome' so will likely move on to another sector soon

Here's what we know about the DragonForce ransomware that hit Marks & Spencer

Would you believe it, this RaaS cartel says Russia is off limits

Ransomware scum have put a target on the no man's land between IT and operations

Defenses are weaker, and victims are more likely to pay, SANS warns

You think ransomware is bad now? Wait until it infects CPUs

Rapid7 threat hunter wrote a PoC. No, he's not releasing it

CISA has a new No. 2 ... but still no official top dog

Brain drain, budget cuts, constant cyberthreats - who wouldn't want this job?

Socket buys Coana to tell you which security alerts you can ignore

Sometimes, less information is more