Reports have surfaced that a criminal ring hacked into JPMorgan Chase in what investigators are calling the “largest theft of customer data” in the history of the United States. In addition to Chase, information was also stolen from E*Trade, Scottrade, as well as the Dow Jones & Company. The only institution named in court documents was JPMorgan Chase.

Crime with Multi-National Players

A U.S. citizen named Joshua Samuel Aaron was at the center of the scheme. Aaron had been living in Moscow and was extradited back to his native land to stand trial. He had been in cahoots with several other men, two of which were Gery Shalon and Ziv Orenstein, both Israelis. The two had been arrested in Israel in 2015, and the United States is seeking extradition for crimes committed within its borders.

Aaron had previously evaded arrest in Moscow and was in hiding before being arrested last year. According to his attorney, he turned himself in. He is charged with being part of a money-laundering conspiracy, colluding to committing computer hacking and identity theft, along with several counts of fraud.

Aaron and crew were actually working to conceal their illegal Bitcoin operation, Coin.mx. The idea behind the scam was to allow users to exchange their cash for Bitcoin but the cohorts then needed a way to process the money they were receiving each month. They did this by enlisting the help of an obscure credit union located in New Jersey, Helping Other People Excel FCU.

Attempts to Hide the Racket

The scheme involved bribing the chairman of the small bank, Trevon Gross, with over $150,000. He then placed several members of the illicit Coin.mx on his board of directors. FCU was only initially comprised of 96 members and had assets totaling $290,000. At the behest of his new officers, the enterprise went on to process $30 million worth of ACH payments every month. Gross also now faces charges related to bribery.

In emails written by Gross, it was evident that he was concerned about the intrigue needed to keep his dealings covert. He stated openly that there was no way to monitor the cash that went through his company and that it certainly could have been used for unlawful activities. He admittedly had not performed required Bank Secrecy Act protocol.

The National Credit Union Association, a federal agency, was aware of the transactions occurring at Gross’s business, but it is not clear when they first became suspicious. The NCUA eventually took action by forcing the enterprise to stop processing payments. They then required Gross to remove those associated with Coin.mx from their board. In November of 2015, the NCUA took steps to see to the liquidation of the establishment.

Additional Acts of Deception

One of the men involved, Murgio, added another layer to this scam, when he opened checking accounts in order to move money from one place to another. He told lenders that his revenue came from running a members-only group that traded in highly collectible, and expensive, memorabilia. His accounts would be closed under suspicion of wrongdoing, and he would then go to other bankers to look for other opportunities.

The men also used stolen intelligence to send emails to investors in penny stocks, advising them to act in ways that would inflate prices. This then led to profits in the millions of dollars, as the fraudsters would then dump their stocks after the price fluctuations went into effect. Total monies made are estimated to be around $100 million.