A Connecticut man pleaded guilty last week to stealing Bitcoin from users of Dark Web marketplaces, said the Department of Justice on Tuesday.
The FBI arrested the man — Michael Richo, 35, of Wallingford, Connecticut — on November 6, 2014, but he was only arraigned in court in October of last year.
According to court documents obtained by Bleeping Computer, Richo had used his technical skills to set up phishing sites for popular Dark Web markets. The documents did not mention the names of these portals.
Once he gained access to a user's credentials, he used the logins to access the user's profile and steal Bitcoin from the wallet associated with the Dark Web marketplace.
This week, in court, Richo admitted to stealing Bitcoin worth $365,000. The FBI found over 10,000 stolen credentials on equipment seized from his house following a search warrant.
Court documents reveal Richo used two techniques to carry out his phishing scheme.
He would post fake links on forums to these markets which would direct users to a fake login page hosted on a laptop at his house. The login page would look exactly like the real login pages for the various market sites. When users would attempt to log in, he would steal their usernames and passwords.
The other technique RICHO used to steal login credentials involved posting fake links on forums that when clicked would "port forward" the users through RICHO's computer server to the actual marketplace site where users would log in. RICHO would keylog all of the user's traffic including their login information.
Using stolen credentials, Richo accessed accounts on these Dark Web marketplaces and transferred funds to his Bitcoin wallet on the Local Bitcoins service.
Investigators say that when Richo needed money, he would convert the stolen Bitcoin into dollars and deposit the stolen funds into his Bank of America account or onto Green Dot prepaid debit cards. He would also withdraw money via Western Union or MoneyGram transfers.
Investigators also found text chats on his computer where Richo bragged about his phishing scheme.
"I make my own phishing sites for darknet .onion drug sites. I make $1000 a day," wrote Richo in a chat, using the username fatfreak82828.
In another message, he also bragged about having experience with "exploits, scanning, etc, rooting boxes, backdoors" and about building a botnet of Windows computers.
Authorities released Richo on bond with computer monitoring conditions last year. The man faces up to 10 years in prison for one count of access device fraud, and 20 years in prison for one count of money laundering. His sentencing is scheduled for September 28, 2017.