Ontario Securities Commission: QuadrigaCX Was Fraud, Late Founder Gerald Cotten Ran Ponzi Scheme

On June 11, the Ontario Securities Commission announced that a panel of the Commission authorized the publication of a Commission staff report regarding the 2019 collapse of crypto asset trading platform QuadrigaCX (Quadriga).  The Commission stated that the collapse, which occurred after the sudden death of its co-founder and CEO Gerald Cotton, “caused massive losses for 76,000 investors from Canada and around the world, who collectively lost at least $169 million. Approximately 40 per cent of these investors were Ontarians.”

The Commission staff’s key conclusion was that Quadriga’s collapse resulted from a massive fraud by Cotton. As the Commission put it,

Cotten opened accounts under aliases and credited himself with fictitious currency and crypto asset balances, which he traded with unsuspecting Quadriga clients.  Cotten sustained real losses when the price of crypto assets changed, thereby creating a shortfall in assets available to satisfy client withdrawals.  Cotten covered this shortfall with other clients’ deposits – in effect, operating a Ponzi scheme.  Staff calculated that the bulk of the $169 million in client losses – approximately $115 million – arose from Cotten’s fraudulent trading.

The Commission staff also determined “that Cotten misappropriated millions in client assets to fund his lavish lifestyle.”  “In its final months,” they noted, “Quadriga had almost no assets left and was operating like a revolving door—new client deposits were immediately re-routed to fund other clients’ withdrawals.”

Note: This report is likely the most complete account of Quadriga’s operations and collapse that will be available for some time.  Over a ten-month period, the Commission staff – owing in part to the fact that Quadriga did not maintain proper business records — analyzed trading and blockchain data, as well as records from third-party payment processors, banks, and other crypto asset trading platforms, interviewed key witnesses, and collaborated with numerous regulatory agencies in Canada and other countries.  In particular, to determine how Cotten managed Quadriga client assets, the staff analyzed “platform data relating to more than 368,000 client accounts and over six million individual transactions, as well as thousands of Quadriga-related emails.”

In view of the fact that Cotton is deceased and Quadriga bankrupt and subject to a court-supervised distribution process, a full accounting of what happened with Quadriga is as much satisfaction as most investors and the general public are likely to get.  Compliance officers in the financial sector should review the report in detail, to see how Cotten was able to maintain and expand the scheme through Quadriga over an extended period until his death.  Crypto investors should also read the report closely, for two reasons: (1) as a general cautionary tale; and (2) as a means of learning the kinds of red flags that should prompt prospective investors to shy away from other high-risk crypto asset trading platforms, especially if those platforms assert that they are not subject to registration with securities or commodities regulators.

Justice Department Obtains Indictment Against Four Senior Executives for Price-Fixing and Bid-Rigging in Broiler-Chicken Market

On June 3, the U.S. Department of Justice announced that it had obtained an indictment against four current and former senior executives from two major broiler chicken producers, for conspiring to fix prices and rig bids for broiler chickens under section 1 of the Sherman Act.  (Broiler chickens are chickens raised for human consumption and sold to grocers and restaurants.)

According to the indictment in this case, from at least as early as 2012 until at least early 2017, two executives of a Colorado-headquartered chicken supplier — Jayson Penn, the President and Chief Executive Officer, and Roger Austin, a former Vice President – and two executives of a Georgia-headquartered broiler chicken producer — Mikell Fries, the President and a member of the board, and Scott Brady, a Vice President – participated in a conspiracy to fix prices and rig bids for broiler chickens across the United States.

The indictment specifically alleged that the four defendants and other unidentified coconspirators participated in a network that they used to pursue the following aims:

  • “to reach agreements and understandings to submit aligned, though not necessarily identical, bids and to offer aligned, though not necessarily identical, prices, and price-related terms, including discount levels, for broiler chicken products sold in the United States”;
  • “to participate in conversations and communications relating to nonpublic information such as bids, prices, and price-related terms, including discount levels, for broiler chicken products sold in the United States with the shared understanding that the purpose of the conversations and communications was to rig bids, and to fix, maintain, stabilize, and raise prices and other price-related terms, including discount levels, for broiler chicken products sold in the United States”; and
  • “to monitor bids submitted by, and prices and price-related terms, including discount levels, offered by, Suppliers and co-conspirators for broiler chicken products sold in the United States.”

It also sets forth sequences of emails that appear to demonstrate ongoing discussions between the defendants relating to pricing for dark chicken meat and wings, and to dark meat and chicken-on-the-bone supplies.  It further alleged the defendants’ discussions of protecting, and thereafter acting to protect, the purpose and effectiveness of the conspiracy, through sequences of emails.

Note: This indictment is noteworthy because these four defendants, in the Department’s words, “are the first to be charged in an ongoing criminal investigation into price fixing and bid rigging involving broiler chickens.”

Because price-fixing and bid-rigging are core criminal violations under the Sherman Act, antitrust compliance officers should brief senior executives in their firms about this indictment, and include information from the indictment in antitrust-compliance training materials.  Those briefing and training materials should include examples of the types of alleged email exchanges between the executives, to show the kinds of words and actions that the Antitrust Division is likely to consider highly probative of executives’ knowledge of and participation in price-fixing and bid-rigging.

Nigerian EFCC Acting Chairman Offers Business Intelligence to Prospective Investors in Nigeria

On May 23, the Acting Chairman of the Nigerian Economic and Financial Crimes Commission (EFCC), Ibrahim Magu, offered to provide business intelligence to prospective investors in Nigeria.

Speaking at a virtual conference of 500 Nigerians in diaspora around the world, Magu stated that the EFCC, which is responsible for preventing, investigating, prosecuting, and penalizing economic and financial crimes in Nigeria, “is aware of the frustration, uncertainties and risks, local fraudsters are posing to credible businessmen and women abroad, who wish to invest in the Nigerian economy.” For that reason, he said, the EFCC “is ready to offer intelligence services to anyone seeking genuine business partners in Nigeria.”  He explained that the EFCC would obtain and deliver “[p]rofiles of potential business partners in Nigeria . . . to the foreign-based investors” to assist them in making decisions on who might be a legitimate local business partner.

Magu further offered to provide “intelligence on any line of business desired by the Nigerians in the diaspora.  We are ready to do all these to encourage credible and serious investors who do not want to be defrauded by fraudsters at home.”

Magu also urged Nigerians in the diaspora to avail themselves of the opportunities the EFCC is offering, to bring more investments into the local economy in Nigeria, and to support the EFCC’s anti-corruption efforts “by exposing foreign assets of local politicians” under the Nigerian government’s whistle- blowing policy.

Note: Companies that are interested in doing business in Nigeria, but that have concerns about the reliability of prospective business partners there, should take Acting Chairman Magu’s offers seriously.  While Nigeria continues to grapple with its longstanding reputation for extensive fraud and corruption, the EFCC has repeatedly demonstrated, to Nigeria and other countries, its effectiveness and integrity in investigating and prosecuting fraud and corruption.  Chairman Magu’s offers reflect a sincere interest in enabling prospective investors to avoid running afoul of criminal groups.

Companies should therefore test the waters with the EFCC and request business intelligence on several prospective and current Nigerian business partners.   As this service will cost a company nothing, and potentially enhance the company’s corporate due diligence, companies can determine for themselves the value of the EFCC’s assistance, and, if it proves beneficial, expand its use of the EFCC’s resources for future due diligence.  Contact information for the EFCC is available here.

U.S. Department of Justice Indicts Three for Iranian Sanctions-Related Crimes, Extradites One Defendant

On May 18, the U.S. Department of Justice announced the unsealing of an indictment against two individuals and a company for conducting financial transactions in violation of U.S. sanctions against Iran.  The three defendants — Iranian Internet-based financial-services company Payment24, Payment24’s founder and Chief Executive Officer Seyed Sajjad Shahidian, and Payment24’s Chief Operating Officer Vahid Vali — were charged with conspiracy to commit offenses against and to defraud the United States, wire fraud, money laundering, and identity theft.  Shahidian had previously been arrested in and extradited from the United Kingdom to the United States; Vali remains at large.

According to the Justice Department, Payment24, which had offices in Tehran, Shiraz, and Isfahan, Iran, had as its primary business

helping Iranian citizens conduct prohibited financial transactions with businesses based in the United States, including the unlawful purchase and exportation of computer software, software licenses, and computer servers from United States companies.  According to PAYMENT24’s website, the company charged a fee to circumvent “American sanctions,” and claimed to have brought in millions of dollars of foreign currency into Iran.

The indictment alleged that beginning in or before 2009 through November 2018, Shahidian conspired with Vali and other individuals to commit federal criminal offenses by violating the restrictions on trade and exports from the United States to Iran.  Payment24 sold on its website

a package to assist its Iranian clients with making online purchases from United States-based businesses, which included a PayPal account, a fraudulent “ID card and address receipt,” a remote IP address from the United Arab Emirates, and a Visa gift card.  The PAYMENT24 website also offered its clients advice on how to create accounts with a foreign identity and how to avoid restrictions on foreign websites, including advising clients to “never attempt to log into those sites with an Iranian IP address.

As part of the scheme to violate sanctions restrictions, Shahidian and Vali allegedly made material misrepresentations and omissions to U.S.-based businesses regarding the destination of the U.S.-origin goods.  To accomplish the transactions, Shahidian obtained payment processing accounts from U.S.-based companies using false residency information, fraudulent passport documents, and other false documents that were “fabricated using the identity and personally identifiable information of another person.”

Note:  Iranian media have reportedly described Shahidian as “as a successful entrepreneur and a capable financial manager who earned $2.5 million in five years.”  What is otherwise noteworthy about this case is that after Shahidian’s provisional arrest in the United Kingdom, Iranian Embassy officials met with him to offer consular support, but he reportedly refused the offer.

In any event, sanctions compliance officers should share this information about the indictment with senior executives, and incorporate the details as appropriate into their corporate sanctions training courses and materials.

VMware Issues “Modern Bank Heists 3.0” Report Featuring Cyberthreat Data Analysis and CISO Survey Data

On May 14, enterprise software firm VMware released its “Modern Bank Heists 3.0” report on key trends and developments pertaining to cyberattacks against financial institutions. The report (available here) combines threat data analysis by VMWare’s Carbon Black team with survey responses from 25 financial institution Chief Information Security Officers (CISOs) reflecting trends over the past 12 months.

Key findings and responses in the report included the following:

  • Threat Data Analysis:
    • From the start of February to the end of April 2020, attacks targeting the financial sector grew by 238 percent, and ransomware attacks against the financial sector increased by nine times.
    • 27 percent of all cyberattacks to date in 2020 have targeted either the healthcare sector or the financial sector.
  • Survey Responses:
    • 80 percent of surveyed financial institutions reported an increase in cyberattacks (a 13 percent increase from 2019).
    • 82 percent said that cybercriminals have become more sophisticated.
    • 64 percent reported increased fraudulent wire transfer attempts (a 17 percent increase from 2019). The report added that these attacks “are often performed by exploiting gaps in the wire transfer verification process or through social engineering attacks targeting customer service representatives and consumers directly.”  It also noted that cybercriminals “exhibit tremendous situational awareness regarding SWIFT messaging. This is compounded with their newfound understanding of the criticality of portfolio managers’ positions.”
    • 33 percent said that they have encountered an attack leveraging “island hopping” (i.e., “an attack where supply chains and partners are commandeered to target the primary financial institution”).
    • 25 percent said that they were targeted by destructive attacks (i.e., attacks “launched punitively to destroy data and dismantle subnets”).
    • 20 percent said that they experienced a “watering-hole attack” (i.e., attacks in which financial institution and bank regulatory websites “are hijacked and used to pollute visitors’ browsers”).
  • Key Attack Trends:
    • Among the top attacks seen across multiple sectors, including finance, are the Emotet family of banking malware and the Kryptic trojan, which was one of the infections found in the 2015 attack on the Ukrainian power grid.
  • Cyberattacker Tactics, Techniques, and Procedures (TTPs):
    • The report stated that
      • “cybercriminals have dramatically increased their knowledge of the policies and procedures of financial institutions. They are keenly aware of the incident response (IR) stratagems being employed by IR teams and the blind spots that exist within every institution. Given the tactical shifts of the cognitive attack loop, they are maintaining and manipulating their positions within networks because of the noise created by incident response and the lack of security controls integration.”
    • It also discussed leading methods by which cybercriminals are exploiting processes running on systems. According to data from MITRE, the most prominent threat identifications affecting the financial sector from March 2019 to February 2020 were process discovery (64.81 percent) and process injection (i.e., “a method of executing arbitrary code in the address space of a separate live process,” which “may allow access to the process’s memory, system/network resources, and possibly elevated privileges”) (25.04 percent).

To respond to these cyberattack methods, the report recommended five steps for financial institutions in responding to incidents:

  1. “Stand up a secondary line of secure communications” to discuss the ongoing incident, as cyberattackers may be intercepting, viewing, modifying, and otherwise compromising internal communications.
  2. “Assume the adversary has multiple means of gaining access into the environment.”
  3. “Watch and wait” rather than immediately starting to block malware activity and to shut off access, as the institution needs to determine potential avenues of reentry by the attackers.
  4. “Deploy agents (if you must) in monitor-only mode” to avoid tipping off the attackers by trying to block or otherwise impede their activities.
  5. Deploy honey tokens (i.e., “fake digital data objects planted among real data objects and used in an attempt to detect data misuse by insiders”) or “deception grids” (i.e. cyber deception technology that uses decoys that “mimic user activities, while acting like real exploited users,” as well as hacker-tracing capabilities).

Note:  Information-security officers at financial institutions should distribute copies of this report to their teams, and incorporate specific findings from it into executive-level briefings and training on cybersecurity risks.  Senior leadership in financial institutions needs to understand the degree of sophistication that cyberattackers routinely display in their efforts to acquire or destroy vital data, if they are to make sound judgments about the resources that their CISOs need on a continuing basis.