A 31-year-old Moldovan citizen has been sentenced to 42 months in prison in the United States for operating an illicit marketplace called E-Root Marketplace that offered hundreds of thousands of compromised credentials for sale, the Department of Justice (DoJ) announced.
Sandu Boris Diaconu was charged with conspiracy to commit computer and access device fraud and possession of 15 or more unauthorized access devices. He pleaded guilty on December 1, 2023.
“The E-Root Marketplace operated through a widely distributed network and took steps to conceal the identities of its administrators, buyers, and sellers,” the DoJ said last week.
“Buyers may search for compromised computer credentials on E-Root, such as usernames and passwords that would allow shoppers to access remote computers for the purpose of stealing private information or manipulating the contents of the remote computer.”
Potential customers can also search for RDP and SSH credentials based on various filter criteria such as price, geographic location, Internet Service Provider, and operating system.
In an effort to hide traces of transactions, the market provided an online payment system called Perfect Money, which further made it possible to convert Bitcoin to and from Perfect Money. The infrastructure associated with E-Root and Perfect Money was seized by law enforcement in late 2020.
It is estimated that more than 350,000 credentials have been advertised for sale on the illicit market, with many of the victims subject to ransomware attacks and identity tax fraud schemes.
Diaconu, who served as administrator between January 2015 and February 2020, was arrested in the UK in May 2021 while trying to flee the country. He was extradited to the United States in late October 2023.
“The E-Root Marketplace operated through a widely distributed network and took steps to conceal the identities of its administrators, buyers, and sellers,” the DoJ said.
The development comes as the DoJ also says it is recovering $2.3 million in cryptocurrency tied to a hog slaughter romance scam that has victimized at least 37 people in the US
Such schemes try to build trust in victims in online communications and then trick them into investing in a cryptocurrency scam under the guise of quick returns. Instead, the funds are diverted to the fraudsters’ wallets, resulting in financial losses.
According to anti-fraud company Web3 Scam Sniffer, approximately 57,000 victims lost approximately $47 million to crypto phishing scams in February 2024 alone.
“Compared to January, the number of victims who lost more than $1 million decreased by 75%,” it said. She said in a series of posts on X (formerly Twitter). “Most victims were lured to phishing websites through phishing comments from fictitious Twitter accounts.”