Skip to main content
Press Release

Wallingford Man Charged with Stealing Bitcoins in Dark Web Phishing Scheme

For Immediate Release
U.S. Attorney's Office, District of Connecticut

Deirdre M. Daly, United States Attorney for the District of Connecticut, and Patricia M. Ferrick, Special Agent in Charge of the New Haven Division of the Federal Bureau of Investigation, announced that MICHAEL RICHO, 34, of Wallingford, was arrested today on a criminal complaint charging him with access device fraud, computer fraud, wire fraud, identity theft and money laundering offenses in connection with a scheme to steal bitcoins in an online phishing scheme.

According to the criminal complaint, RICHO engaged in an online phishing scheme to steal bitcoins from individuals on the dark web.  Bitcoins are a form of electronic currency and online marketplaces on the dark web typically accept them as a payment method.

The complaint alleges that RICHO posted fake links to online marketplaces on dark web forums.  The links directed individuals to a fake login page that looked like the real login pages for the various online marketplaces.  When individuals attempted to log in, RICHO stole his or her username and password.  Once he had an individual’s username and password, RICHO monitored the individual’s bitcoin balance at the real marketplace.  If the individual later deposited bitcoins with the real marketplace, RICHO withdrew the bitcoins before the individual could spend them and caused the stolen bitcoins to be deposited into his own bitcoin wallet.  RICHO then sold the stolen bitcoins to others in exchange for U.S. currency, which was deposited into a bank account that RICHO controlled.

The complaint alleges that RICHO had over 10,000 stolen usernames and passwords saved on his computer.

RICHO appeared this afternoon before U.S. Magistrate Judge Sarah A. L. Merriam in New Haven and was released on a $100,000 bond.

Money laundering carries a maximum term of imprisonment of 20 years, wire fraud carries a maximum term of imprisonment of 20 years, access device fraud carries a maximum term of imprisonment of 10 years, computer fraud carries a maximum term of imprisonment of five years, and aggravated identity theft carries a mandatory term of imprisonment of two years.

U.S. Attorney Daly stressed that a complaint is only a charge and is not evidence of guilt.  Charges are only allegations, and a defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt.

This matter is being investigated by the Federal Bureau of Investigation and is being prosecuted by Assistant U.S. Attorney Neeraj N. Patel.

Updated October 5, 2016

Identity Theft