Page 1 PageID#
b. On or about August 9, 2016, Exchange 2 used AWS-controlled IP address to
deliver an account creation verification for an account set up in the name of a
United States identity theft victim. Further, the conspirators caused Exchange to use IP addresses associated with a computer located in the Eastern District of
Virginia on other occasions.
c. On or about August 9, 2016, Exchange 2 used a computer associated with an
AWS-controlled IP address to deliver an account creation verification for an
account set up in the name of a United States identity theft victim. Further, the
conspirators caused Exchange 2 to use a computer associated with IP addresses
located in the Eastern District of Virginia on other occasions.
K.
LIFSHITS and Co-Conspirators Deprived Exchange 1 of its Property
76.
Law enforcement spoke with compliance personnel at Exchange 1. Compliance
personnel stated that in order to comply with federal law and regulations, Exchange 1 is required
to identify its customers. For that purpose, Exchange 1 collects personally identifiable
information from account applicants. Exchange 1 then directs applicants to a third-party service
provider that requires the applicant to upload a photo of their government-issued photo
identification, as well as a photo of themselves. The third-party service provider then examines
these documents and photos for authenticity and signs of tampering. Compliance personnel
stated that Exchange 1 does this to comply both with law and regulations and to prevent fraud on
their platform.
77.
Exchange 1 compliance personnel stated that Exchange 1 would not open an
account if it knew that an applicant used fraudulent identifiers or a fraudulent identity document
to register an account. Compliance personnel stated that regulatory fines could be levied against
Page 31 of 34Page 2 PageID#
the company, and that “fraudsters” operating on the Exchange 1 platform could expose the
company to civil liability. Compliance personnel stated that individuals using false
identifications to establish Exchange 1 accounts are likely using the accounts for other unlawful
activity, which exposes the company to even greater regulatory penalties, including possible
fines. Indeed, Exchange 1 also holds financial institution licenses in several states, and states
could levy their own penalties. For these reasons, Exchange 1 considers itself a victim of fraud
whenever a user opens or uses an account — including, specifically, the T.W. Exchange account used by LIFSHITS — that is predicated on fraudulent or stolen identity information.
78.
Thus, by opening and using the T.W. Exchange 1 Account, which was setup using
the stolen identifiers of a real United States person, LIFSHITS and his co-conspirators through
their fraudulent misrepresentations deprived Exchange 1 of its right to control its assets.
According to Exchange 1 compliance personnel, the misrepresentations that were made in
opening the T.W. Exchange 1 Account could cause tangible economic harm, which is why
Exchange 1 does not knowingly permit customers to use stolen identifiers to open accounts. See,
e.g., United States v. Lebedev, 932 F.3d 40, 48-49 (2d Cir. 2019) (holding that financial
institutions were deprived of their right to control their assets when a defendant disguised that he
operated an illegal money service business); see also United States v. Finazzo, 850 F.3d 94, 11011 (2d Cir. 2017) (holding that misrepresentations or nondisclosure of information may support
mail or wire fraud conviction under “right to control” theory if misrepresentations or
nondisclosures can or do result in tangible economic harm); United States v. Binday, 804 F.3d
587, 571 (2d Cir. 2015) (holding cognizable harm occurs under mail and wire fraud statutes
where defendant misrepresentations deprive a victim of potentially valuable economic
information).
Page 32 of 34Page 3 PageID#
L.
LIFSHITS and his Co-Conspirators Conspired to Commit Aggravated
Identity Theft
79.
As described in the previous section, on December 29, 2017, LIFSHITS accessed
the T.W. Exchange 1 Account to transfer funds to his personal Exchange 3 account. By doing
so, LIFSHITS knowingly possessed and used the identification of United States individual,
T.W., in order to transact the wire scheme in transferring funds between cryptocurrency
accounts. In particular, he accessed T.W.’s name, date of birth, and address. This type of
personally identifiable information is a “means of identification” as defined in Title 18, United
States Code, Section 1028(d)(7).
80.
Moreover, based on Exchange 1’s thorough account verification features,
LIFSHITS and his co-conspirators had every reason to believe that the personally identifiable
information used to open the T.W. Exchange 1 Account belonged to a real United States person.
81.
Based on the forensic cryptocurrency analysis, the IP address usage, Exchange 1’s
verification procedures, and the statements made by the victim, when LIFSHITS accessed the
T.W. Exchange 1 Account and then proceeded to transfer funds from that account to his
Exchange 3 accounts, LIFSHITS knowingly and unlawfully used T.W.’s means of identification
in furtherance of the scheme to defraud Exchange 1 of its property. I therefore submit that there
is probable cause to believe that LIFSHITS committed and conspired to commit aggravated
identity theft, in violation of Title 18, United States Code, Section 1028A.
Page 33 of 34Page 4 PageID#
Digitally signed by Theresa
Carroll Buchanan
Date: 2020.09.10 11:10:-04'00'
UIPage 5 PageID#
Attachment APage 6 PageID# 37Page 7 PageID# 38Page 8 PageID# 39Page 9 PageID# 40Page 10 PageID# 41Page 11 PageID# 42Page 12 PageID# 43Page 13 PageID# 44Page 14 PageID# 45Page 15 PageID# 46Page 16 PageID# 47Page 17 PageID# 48Page 18 PageID# 49Page 19 PageID# 50Page 20 PageID# 51Page 21 PageID# 52Page 22 PageID# 53Page 23 PageID# 54Page 24 PageID# 55Page 25 PageID# 56Page 26 PageID# 57Page 27 PageID# 58Page 28 PageID# 59Page 29 PageID# 60Page 30 PageID# 61
PDF Page 1
PlainSite Cover Page
PDF Page 2
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 1 of 30 PageID# 32
b. On or about August 9, 2016, Exchange 2 used AWS-controlled IP address to
deliver an account creation verification for an account set up in the name of a
United States identity theft victim. Further, the conspirators caused Exchange 2
to use IP addresses associated with a computer located in the Eastern District of
Virginia on other occasions.
c. On or about August 9, 2016, Exchange 2 used a computer associated with an
AWS-controlled IP address to deliver an account creation verification for an
account set up in the name of a United States identity theft victim. Further, the
conspirators caused Exchange 2 to use a computer associated with IP addresses
located in the Eastern District of Virginia on other occasions.
K.
LIFSHITS and Co-Conspirators Deprived Exchange 1 of its Property
76.
Law enforcement spoke with compliance personnel at Exchange 1. Compliance
personnel stated that in order to comply with federal law and regulations, Exchange 1 is required
to identify its customers. For that purpose, Exchange 1 collects personally identifiable
information from account applicants. Exchange 1 then directs applicants to a third-party service
provider that requires the applicant to upload a photo of their government-issued photo
identification, as well as a photo of themselves. The third-party service provider then examines
these documents and photos for authenticity and signs of tampering. Compliance personnel
stated that Exchange 1 does this to comply both with law and regulations and to prevent fraud on
their platform.
77.
Exchange 1 compliance personnel stated that Exchange 1 would not open an
account if it knew that an applicant used fraudulent identifiers or a fraudulent identity document
to register an account. Compliance personnel stated that regulatory fines could be levied against
Page 31 of 34
PDF Page 3
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 2 of 30 PageID# 33
the company, and that “fraudsters” operating on the Exchange 1 platform could expose the
company to civil liability. Compliance personnel stated that individuals using false
identifications to establish Exchange 1 accounts are likely using the accounts for other unlawful
activity, which exposes the company to even greater regulatory penalties, including possible
fines. Indeed, Exchange 1 also holds financial institution licenses in several states, and states
could levy their own penalties. For these reasons, Exchange 1 considers itself a victim of fraud
whenever a user opens or uses an account — including, specifically, the T.W. Exchange 1
account used by LIFSHITS — that is predicated on fraudulent or stolen identity information.
78.
Thus, by opening and using the T.W. Exchange 1 Account, which was setup using
the stolen identifiers of a real United States person, LIFSHITS and his co-conspirators through
their fraudulent misrepresentations deprived Exchange 1 of its right to control its assets.
According to Exchange 1 compliance personnel, the misrepresentations that were made in
opening the T.W. Exchange 1 Account could cause tangible economic harm, which is why
Exchange 1 does not knowingly permit customers to use stolen identifiers to open accounts. See,
e.g., United States v. Lebedev, 932 F.3d 40, 48-49 (2d Cir. 2019) (holding that financial
institutions were deprived of their right to control their assets when a defendant disguised that he
operated an illegal money service business); see also United States v. Finazzo, 850 F.3d 94, 11011 (2d Cir. 2017) (holding that misrepresentations or nondisclosure of information may support
mail or wire fraud conviction under “right to control” theory if misrepresentations or
nondisclosures can or do result in tangible economic harm); United States v. Binday, 804 F.3d
587, 571 (2d Cir. 2015) (holding cognizable harm occurs under mail and wire fraud statutes
where defendant misrepresentations deprive a victim of potentially valuable economic
information).
Page 32 of 34
PDF Page 4
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 3 of 30 PageID# 34
L.
LIFSHITS and his Co-Conspirators Conspired to Commit Aggravated
Identity Theft
79.
As described in the previous section, on December 29, 2017, LIFSHITS accessed
the T.W. Exchange 1 Account to transfer funds to his personal Exchange 3 account. By doing
so, LIFSHITS knowingly possessed and used the identification of United States individual,
T.W., in order to transact the wire scheme in transferring funds between cryptocurrency
accounts. In particular, he accessed T.W.’s name, date of birth, and address. This type of
personally identifiable information is a “means of identification” as defined in Title 18, United
States Code, Section 1028(d)(7).
80.
Moreover, based on Exchange 1’s thorough account verification features,
LIFSHITS and his co-conspirators had every reason to believe that the personally identifiable
information used to open the T.W. Exchange 1 Account belonged to a real United States person.
81.
Based on the forensic cryptocurrency analysis, the IP address usage, Exchange 1’s
verification procedures, and the statements made by the victim, when LIFSHITS accessed the
T.W. Exchange 1 Account and then proceeded to transfer funds from that account to his
Exchange 3 accounts, LIFSHITS knowingly and unlawfully used T.W.’s means of identification
in furtherance of the scheme to defraud Exchange 1 of its property. I therefore submit that there
is probable cause to believe that LIFSHITS committed and conspired to commit aggravated
identity theft, in violation of Title 18, United States Code, Section 1028A.
Page 33 of 34
PDF Page 5
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 4 of 30 PageID# 35
Digitally signed by Theresa
Carroll Buchanan
Date: 2020.09.10 11:10:57
-04'00'
UI
PDF Page 6
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 5 of 30 PageID# 36
Attachment A
PDF Page 7
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 6 of 30 PageID# 37
PDF Page 8
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 7 of 30 PageID# 38
PDF Page 9
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 8 of 30 PageID# 39
PDF Page 10
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 9 of 30 PageID# 40
PDF Page 11
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 10 of 30 PageID# 41
PDF Page 12
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 11 of 30 PageID# 42
PDF Page 13
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 12 of 30 PageID# 43
PDF Page 14
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 13 of 30 PageID# 44
PDF Page 15
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 14 of 30 PageID# 45
PDF Page 16
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 15 of 30 PageID# 46
PDF Page 17
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 16 of 30 PageID# 47
PDF Page 18
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 17 of 30 PageID# 48
PDF Page 19
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 18 of 30 PageID# 49
PDF Page 20
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 19 of 30 PageID# 50
PDF Page 21
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 20 of 30 PageID# 51
PDF Page 22
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 21 of 30 PageID# 52
PDF Page 23
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 22 of 30 PageID# 53
PDF Page 24
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 23 of 30 PageID# 54
PDF Page 25
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 24 of 30 PageID# 55
PDF Page 26
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 25 of 30 PageID# 56
PDF Page 27
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 26 of 30 PageID# 57
PDF Page 28
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 27 of 30 PageID# 58
PDF Page 29
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 28 of 30 PageID# 59
PDF Page 30
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 29 of 30 PageID# 60
PDF Page 31
Case 1:20-mj-00256-TCB Document 2-1 Filed 09/10/20 Page 30 of 30 PageID# 61