The U.S. Department of Justice (DoJ) announced that a 31-year-old Moldovan citizen has been sentenced to 42 months in prison in the United States for operating an illegal marketplace called E-Root Marketplace, which sold hundreds of thousands of stolen credentials.
Sandu Boris Diaconu was charged with conspiracy to commit access device and computer fraud and possession of 15 or more unauthorized access devices. He pleaded guilty on December 1, 2023.
“E-Root marketplaces operate on widely distributed networks and take steps to conceal the identities of their administrators, buyers, and sellers,” the U.S. Department of Justice said last week.
“Buyers can search for compromised computer credentials on E-Root, such as usernames and passwords that would allow the buyer to access a remote computer to steal private information or manipulate the contents of the remote computer.”
Potential customers can also search for RDP and SSH credentials based on various filtering criteria such as price, location, ISP, and operating system.
In order to hide transaction tracks, the market provides an online payment system called Perfect Money, which further makes the exchange between Bitcoin and Perfect Money possible. By the end of 2020, law enforcement had seized infrastructure related to E-Root and Perfect Money.
It is estimated that there are more than 350,000 credentials advertised for sale on the illegal market, with many victims suffering from ransomware attacks and identity tax fraud schemes.
Diaconu, who served as administrator from January 2015 to February 2020, was arrested in the UK in May 2021 while trying to flee the country. He was extradited to the United States in late October 2023.
“E-Root marketplaces operate on widely distributed networks and take steps to conceal the identities of their administrators, buyers, and sellers,” the DOJ said.
At the same time, the U.S. Department of Justice also said it was recovering $2.3 million worth of cryptocurrency in connection with a pig-killing romance scam that killed at least 37 people across the United States.
Such schemes aim to build trust with victims through online communications and then lure them into investing in cryptocurrency scams under the guise of quick returns. Instead, the funds are transferred to the scammer’s wallet, resulting in financial losses.
According to data from Web3 anti-fraud company Scam Sniffer, in February 2024 alone, approximately 57,000 victims lost approximately $47 million to cryptocurrency phishing scams.
“Compared to January, the number of victims with losses exceeding $1 million decreased by 75%,” explain A series of posts on X (formerly Twitter). “Most victims are lured to phishing sites through phishing comments impersonating Twitter accounts.”
