A 31-year-old Moldovan citizen has been handed a 42-month prison term in the United States for managing an unlawful marketplace named E-Root Marketplace, which traded hundreds of thousands of compromised credentials, as per the Department of Justice (DoJ).
Sandu Boris Diaconu faced charges related to conspiring to commit access device and computer fraud, as well as possession of 15 or more unauthorized access devices. He entered a guilty plea on December 1, 2023.
“The E-Root Marketplace functioned through a widely dispersed network and took measures to conceal the identities of its operators, purchasers, and vendors,” declared the DoJ last week.
Digital Security “Purchasers had the ability to search for compromised computer access credentials on E-Root, including usernames and passwords enabling access to remote computers for purposes like pilfering private data or tampering with the remote computer’s contents.”
Potential clients could also browse for RDP and SSH credentials using various filters such as price, geographical location, internet service provider, and operating system.
In an effort to obfuscate transaction trails, the marketplace offered an online payment platform named Perfect Money, facilitating conversion between Bitcoin and Perfect Money. Law enforcement seized the infrastructure linked to E-Root and Perfect Money by late 2020.
It’s estimated that over 350,000 credentials were advertised for sale on the illicit marketplace, with numerous victims falling prey to ransomware assaults and identity theft schemes.
Diaconu, who served as the administrator from January 2015 to February 2020, was apprehended in the U.K. in May 2021 while attempting to flee the country. He was extradited to the U.S. in late October 2023.
“The E-Root Marketplace functioned through a widely dispersed network and took measures to conceal the identities of its operators, purchasers, and vendors,” reiterated the DoJ.
This development coincides with the DoJ’s announcement of the recovery of $2.3 million in cryptocurrency associated with a pig farming romance scam that defrauded at least 37 individuals across the U.S.
Digital Security Such schemes aim to establish rapport with victims through online communication and then persuade them to invest in a cryptocurrency scam promising swift returns. Instead, the funds are diverted to the scammers’ wallets, resulting in financial losses.
According to Web3 anti-fraud firm Scam Sniffer, approximately 57,000 individuals fell victim to crypto phishing scams, losing around $47 million in February 2024 alone.
“Compared to January, the number of victims losing over $1 million decreased by 75%,” noted the company in a series of posts on X (formerly Twitter). “The majority of victims were drawn to phishing websites via comments from impersonated Twitter accounts.”
