The Department of Justice (DOJ) filed criminal charges against two former consultants of Coins.ph under the ownership of BETUR, Inc. for allegedly violating Republic Act No. 10175, otherwise known as the Cybercrime Prevention Act of 2012.
They are accused of hacking the company’s information technology (IT) system and stealing 12.2 million in XRP cryptocurrency and native token of XRP Ledger, an open source blockchain, amounting to P340,745,027.93.
Coins.ph is an entity engaged in remittance, transmittal of money, foreign currency exchange and other money transactions.
In an eight-page resolution, the DOJ’s panel of prosecutors found probable cause to hold the respondents identified as Vladimir Evgenevich Avdeev and Sergey Yaschuck, both Russian nationals, for breaking anti-cybercrime laws.
Avdeev was the former Software Development Consultant of the complainant from May 6, 2019 to May 5, 2020. Yaschuck, on the other hand, served in the same position from May 14, 2021 to May 13, 2022.
Coins.ph’s security team concluded that the malicious actor must have had a comprehensive grasp of its network infrastructure, secure access key protocols and server systems based on the recorded suspicious system logins.
“Their further investigation narrowed down the perpetrators to respondents who were former consultants of the company. The account of respondent Yaschuck was used to access the company’s bastion server and attempted to connect to an Amazon Eleastic Kubemetes service (Amazon EKS) work node capable of withdrawing fireblock funds 9 October 2023,” the prosecutors noted.
From October 9 to October 17, according to the complainant, there were suspicious logins in its “OpenVPN” virtual private network administrator portal, typically used to enable employees to remotely access the company’s internal network.
The “OpenVPN” administrator account was previously managed by Avdeev.
“In their capacity as [the] complainant’s consultants, they had legal access to [the] complainant’s network infrastructure, secure access key protocols and server systems. When their tenure ended, however, they retained such access and used them without right,” the DOJ said in an eight-page resolution.
The complainant also alleged that the respondents tried to swap and transfer the stolen funds through identified cryptocurrency services to obfuscate the origin/destination of money in an attempt to confuse investigators once their scheme is busted.
“It is respectfully recommended that this Resolution be approved, and the attached information for violations of Section (a) 1 of RA 10175 be approved and filed before appropriate court,” the DOJ resolution stated.
The resolution was signed by Assistant State Prosecutor Jenny de Castro and Deputy State Prosecutor Olivia Laroza-Torrevillas, and approved by Prosecutor General Benedicto Malcontento.
Justice Secretary Jesus Crispin Remulla emphasized the DOJ’s mandate of upholding the rule of law and stressed that the same extends even in cyberspace.
“It is the DOJ’s mandate to assure the Rule of Law is upheld at all times, and this extends even in cyberspace,” Remulla said.
“Cybercriminals seem to have employed ways to keep up with modern technological trends to exploit the innocence of our people. Despite the government’s unwavering efforts to weed out undesirable elements in cyberspace, it is always better to stay vigilant on our own at all times,” he added.
