Tuesday, May 02, 2023

Mirror Trading International's Cornelius Johannes Steynberg and his $3.4 Billion USD Default Judgement

Some of you may have heard that students in UAB's Investigating Online Crimes class have been researching Crypto Investment Scam websites.  You can find a list of some of the sites we've identified so far on URLScan.io using our tag "CryptoScam" (as of this writing we have 3600+ sites on the list -- hosting companies and registrars, please take action!) 

Mirror Trading International and a $3.4 Billion Fine

You may have never heard of the U.S. Government agency, the Commodity Futures Trading Commission, but that doesn't mean they don't have power.  Last week the CFTC announced an order of default judgment against Cornelius Johannes Steynberg of Stellenbosch, Western Cape, South Africa. The order states that Steynberg must pay $1,733,838,372 USD in restitution and an additional $1,733,838,372 as a civil monetary penalty for defrauding 23,000 Americans of 29,421 Bitcoin.  (That's $3.4 Billion USD, or R63.6 Billion South African Rand.)

I'm proud to say that this action was brought in part by the Alabama Securities Commission, who joined Texas, North Carolina, and Mississippi in taking action.  I've met their director (who just retired this week! Thank you Joe Borg for 30 years of service!) and some of their investigators and they fight hard to protect the citizens of Alabama from fraud. 

Mirror Trading International claimed that their members could earn 10% per month in interest on their investments.  A typical ad of theirs boasted of this advantage over traditional bank accounts and other investment vehicles: 

Ponzi Scam or Affiliate Program: Tomato / Tomato

Like many other Crypto Investment Scams, MTI was an affiliate program.  MTI encouraged members to create an account, after which they would be granted an affiliate code. By sharing a link to the main MTI website using their affiliate code, anyone who clicked the link and made an investment would begin generating "passive weekly income" to the member. 

Dozens of webpages, Telegram channels, and Facebook pages were filled with ads claiming how easy it was to earn money.  Here's one that was shared on a Facebook page operated by affiliate "Themba2000." 

This affiliate regularly posted updates supposedly showing how much money they were earning, as well as testimonials where the people they had recruited supposedly thanked them for their newfound financial freedom:

Like many other Crypto Investment Scams, the affiliates were encouraged to share videos claiming that Artificial Intelligence-based training was part of the secret of their success: 

South Africa's Court Order Outlines a Problem: Greed

While the terms of the South African court order against MTI may seem like victim-shaming, Greed is truly one of the factors involved in many of these Crypto Investment Scams.

"People all over the world, and South Africans are no exception, are bewitched and fascinated by any idea or scheme promising, in most cases, instant wealth, new homes, new cars, holidays abroad and all material possessions that can be acquired with an abundance of money. A further attraction of these schemes is the perception that the money will keep rolling in with little or no effort by the participants, the hardest part being to count one's money." 

The conclusion of that case summarized their findings as follows: 

[137] MTI's business clearly amounted to an unlawful ponzi-scheme, i.e. a fraudulent investing scam promising high rates of return to investors and generating returns for earlier investors with investments taken from later investors. 

[138] It would appear that there is no pool of member bitcoin, Trade 300 does not exist, the artificial intelligence bot never existed or traded and the remarkable trading results presented to investors were prima facie false. 

(ordered by A De Wet, Acting Judge of the High Court) 

What?  The AI Magic Bitcoin Genie isn't real?  I'm shocked!

Scammers or Victims:  Why Not Both? 

Unfortunately, many of the people who became involved in the scam are innocent victims while others made fake Facebook accounts in order to scam others into signing up.  As long as they signed up others, they had a good chance of making money, until the whole scheme collapsed.  It took about five minutes to find fifty affiliates with a simple Facebook search:

So will everyone get their money back?  Highly unlikely. 

Steynberg Arrested in Brazil

Mr. Steynberg was arrested in 2022 by the Brazilian Military Police of the state of Goias: 

Assurances from MTI CEO Steynberg: I am not a Ponzi Scheme!

When Mirror Trading was first accused of being a Ponzi Scheme by the Texas Securities Commission, their CEO replied to queries using a form letter like this one, shared by Global Crypto in a story called "MTI Announces It Is Working With the FSCA": 

Dear Kratika,

I unfortunately only received your email this morning, Tuesday 14 July 2020.

As I have declared to the Texas Commissioner in writing, I wish to state and declare from the outset that Mirror Trading International (Pty) Ltd (hereinafter referred to as “MTI”), a privately held company registered in the Republic of South Africa, is not a Ponzi scheme (new money feeding old) or a scam, with which a holder of funds suddenly disappears.

It is also most unfortunate that because MTI is operating in the online passive income building industry, which has a notorious and demonstrated reputation for scams and Ponzi schemes, and, due to the nature and Modus-Operandi of the robust MTI referral-based business model, that MTI is automatically by default behaviour of the media and some regulators, and maybe the behaviours of some members, is being perceived by associative conclusion that MTI is but another of these.

This unfortunate and misinformed perception is far from the reality of what MTI is as a newly formed (15 month old) highly innovative referral-business and brand that the founders would like to see growing over many years into a global, iconic and heritage brand in the market trading sector.

For instance, the Texas Commissions states that …The actual value of the commissions depends on their success in recruiting new investors and multilevel marketers. … While this may apply to Ponzi schemes, this is not correct for MTI.

Daily trading returns using top regulated trading brokers determine the quantum of rewards, which can vary and if there is a negative trading day, there are no rewards. The point is that with MTI, that the funding of MTI referral payments is derived from daily trading profits and not from the funds of new members.

Another important point which differentiates MTI from Ponzi’s and scams is that members have full control over their funds (Bitcoin) at all times. Members are able to add or withdraw their funds (Bitcoin) at any time, with no complications and no fees. If you do research, you will find not a single member of the 75,000+ MTI members worldwide has ever complained or not been able to withdraw their BTC whenever they have opted to.  

It is the aim of MTI and its innovative, unique referral-based business model and MTI’s operating Modus Operandi of trading on world markets to generate real growth and returns on a daily basis, to work with and co-operate with regulators in every regard, in the process of taking MTI along a path that will see MTI fully and properly regulated.
There are three reasons for this.

1. My Founding Vision for MTI: Build a preferred iconic and heritage global brand in the financial services sector that delivers sustainable growth and value creation for all stakeholders, including for the little man in the street:
2. Professional and Compliant:  Ensure that MTI is a professionally managed business and brand that is regulatory compliant and which delivers sustainable growth and value creation for all stakeholders. My team and I are committed to this.
3. Change the reputation of the on-line passive income generating industry: We and myself personally, are extremely tired of this industry having a negative and darkly clouded reputation. And yes, some 99.9% of online passive income building services are scams and  / or Ponzi’s. I am personally very driven to be part of changing this perception once and for all, by showing and demonstrating to regulators, to the media and to consumers that such a business model can on a Bona Fida basis, exist, successfully operate and grow on an organic and sustainable basis, which is what MTI is doing.

To this end, MTI will in the coming period be placing great emphasis on engaging with and working with any regulator with a clear purpose at all times;  be fully compliant as a professionally managed company and brand that delivers sustainable growth and value creation to its stakeholders, and which intends to be around for many years to come.

MTI is already in discussion with the South Africa Financial Services Conduct Authority (FSCA) and will be meeting with the FSCA in a week’s time. MTI is also fully committed to co-operating with the Texas State Securities board and is in correspondence with them on this matter.

We trust that the above gives you some insight into MTI.

Should you wish to correspond further, please use my private email address: [REDACTED]
Your sincerely,

Johann Steynberg
Chief Executive Officer
Mirror Trading International (Pty) Ltd
South Africa

Saturday, February 18, 2023

Watching a Crypto Investment Scam WhatsApp Group

If your online accounts are like mine, almost every day I'm "force joined" to a new Telegram group where a crypto investment scammer tries to tell everyone how great their scam investment site is. This week, I started getting added to WhatsApp Crypto Investment Scams. 

I thought I'd share the experience with you, in case you were curious. 

When you are Force-joined to a WhatsApp group, the first thing that is displayed is information about who added you to the group.

In my case, +856 20 29 725 893 created the group, and then I was added to the group by +856 20 29 728 289.  The +856 should be a clue to whether these are the advisors they claim to be, as +856 is the international calling code for Laos. A third Laos number then removes the group creator, another Laos administrator, and a South African adminstrator (+27 is South Africa).  They must have added a US-numbered administrator, (we don't see other people being added), because the +1 (346) number then changed the "Subject" of the group to be "BTC Nuggets 02th Team."   02th.  As in, the Second team created by a non-English speaker.  1st ... 02th ... 3rd? 

Then we get our first message from "Tricia Storti" our second theoretically American admin +1 (530), American.  See? (530 is the Area Code for extreme NorthEastern California.) 

Tricia's first post introduces our Crypto Investment Scam website name and begins the process of helping us all lose our money to "FileCoin" (or is it FILcoin? they can't seem to decide.)

But wait ... I didn't want to get a hundred WhatsApp messages a day from a new scammer.  That's ok ... all of Tricia's bot-controlled fake Americans are here to make you realize how special it is that you got added to the group.  They blather on non-stop about how great it is ... just so you might wonder (if you were a complete idiot), "Is it possible that I've been accidentally added to a WhatsApp Group that will teach me how to get rich trading Crypto Currency?" 

Seriously.  I can't believe they think anyone is stupid enough to fall for this ... but then I look at the BILLIONS OF DOLLARS being stolen in Crypto Investment Scams and realize they wouldn't spend all of this time and money doing this if somewhere it wasn't making them a profit. 

Just as you might be wondering, "But how will being in this group make me rich?" none other than the FOUNDER HIMSELF, the one and only BERNIE McTERNAN jumps into the conversation to explain how!

(In case you wondering if these were totally made up names, yes, they are. But they are based in reality.  McTernan occurs at a rate of 1 in every 519,000 people in the USA.  Storti is Italian.  1 in every 12,000 or so people there is named Storti.  1 in every 365,000 people in the USA.) 

But does it really work?  Well, our straight man "~ FKK" is going to ask the burning questions that are on every potential victim's mind ... and receive honest, trustworthy answers from current investor LOLO!

See?  LOLO has been in the game for 3 months "without finding anything wrong" and he can "withdraw money successfully every time!"  He's made $70,000 thanks to Bernie Analyst! 

You might still have doubts ... just like FKK!   "Wow is this true?"  But it isn't just totally real LOLO who has had great success.  Totally real totally unsolicited testimonial person Josh Perreault ALSO has made withdrawals successfully!  

Now we KNOW that it's real, right? Not you! You are too smart for that!  You're probably thinking "But I've never heard of these people!  What company is this?  Are they reputable?"  Funny that you are thinking this, because Totally Real Person Andrew Woolley is having those same doubts ... 

There you have it! Filecoin Foundation has been around since 2019, they are headquartered in London and have branches in the US, Vanuatu and Australia.  And look!  They even have an ID Number!  OOOOOOH!  Who could possibly doubt now??!?!?!

Totally Real Person JIJIT assures us that this is an American Company, and then FKK, our favorite Straight Man, asks for a website.  Conveniently, Tricia is there to demonstrate her excellent customer service by replying within two minutes!


Oops!  Did NameSilo actually kill a fraud domain?  No, the scammers use "m.filecoinprotocol[.]com" as their primary site, so that if you try the domain name, or the "www" it will look like the site is unavailable. 

The Amazing Tricia-the-Scammer is right there with the answer! 

"BTC seconds contract is a two-way financial investment product. No matter which direction you buy, as long as you buy in the right direction, you can make a profit. The bitcoin second contract investment we currently trade is suitable for all types of investors, whether you are a novice or an experienced investor. Each transaction lasts 180seconds. After 180 seconds, if the analyst's investment forecast is correct, you can make an immediate profit." 

But why would they do that?  For a commission ... nothing suspicious here ... these Totally Real People explain it to each other:

And eventually, after much more banter, the TRADING starts!  Tricia gives our first instruction, and our Totally Real Veteran Trader Josh jumps right in!  (Perhaps not realizing we've already killed the website.) 

All of the Totally Real People quickly share their successful profits!


But, there is one little problem ... 


But that doesn't stop us having more imaginary conversations to demonstrate how trustworthy things are.  Tricia had some exciting news today ... VIP Traders don't have to pay the 20% commission!  They keep ALL OF THE MONEY!  (But there is a $10,000 minimum investment, of course) 

How big is the group?  In addition to the 237 current members, there are also (if you choose Group Info and scroll ALL THE WAY DOWN), over 550 "Past Participants" (with all of their telephone numbers exposed as well.)

Those are the people who were Force-Joined to the group and then LEFT the group.  Hopefully they remember to hit "REPORT AND EXIT" so that WhatsApp's team knows these guys are scammers!

For our "Actors" in the play above, none of their telephone numbers correspond to a real phone carrier, except Bernie, who uses T-Mobile. 

Bernie = 346.971.2587 = T-Mobile 
Tricia = 530.435.9207 = Peerless-NSR-ATLC
Josh = 903.636.6515 = Sinch Voice-NSR-10X
Shannon = 438.577-5300 = IXICA Communications 
JIJIT = 873.920.8211 = IXICA Communications
LOLO = 403.694.7067 = ISP Telecom 
Zachary Brook = 343578.0586 = ISP Telecom 
FKK = 985.775.6255 = Sinch Voice NSR 
Andrew = 716.502.2145 = Sinch Voice NSR 
Kevin = 937.966.2921 = Sinch Voice NSR 

Sure would be sad if all of those telephone numbers and WhatsApp numbers were terminated ... 

Thursday, January 05, 2023

SIM Swapping, Crypto Theft, and Sentencing in the United States

As you know from the title of my blog, "CyberCrime & Doing Time," I'm very interested in cybercrime and the criminal justice system. This week I've been looking at SIM Swapping cases and wanted to share what I learned from reading the sentencing memos sentencing transcript for Ricky Handschumacher.

Ricky was one of the members of "The Community" - a group of six OGUsers/HackForums punks who decided to go into the crypto theft business. They haunted crypto community forums gathering data on people who over-shared about their crypto earnings and then did the social media intelligence (SOCMINT) work to id their target, assess their holdings, get their online credentials, and then pay a phone company contractor or employee to SIM Swap their device and steal their crypto.

They stole over $50 Million dollars.

Ricky was the last guy to get sentenced.  The other members of the group (not their phone store patsies, but the core group) were: 

  • Conor Freeman, 20, of Dublin, Ireland.  Conor was sentenced to three years in Ireland.
  • Colton Jurisic, 20, of Dubuque, Iowa. He was sentenced to 42 months and restitution in the amount of $9,517,129.
  • Reyad Gafar Abbas, 19, of Rochester, New York.  He was sentenced to 24 months and restitution in the amount of $310,791.
  • Garrett Endicott, 21, of Warrensburg, Missouri.  He was sentenced to 10 months and restitution in the amount of $121,549.
  • Ryan Stevenson, 26, of West Haven, Connecticut.  He got two years probation.  Minor player.

Ricky pleads guilty to a single count of "18 USC § 1349 - Conspiracy to Commit Wire Fraud" and in exchange the court agrees to drop several additional charges of: 
18 USC §§ 1343 and 2 - Wire Fraud, Aiding and Abetting 
18 USC §§ 1028A(a)(1) and 2 - Aggravated Identity Theft, Aiding and Abetting

Anyway, Guilty plea is received, family all lines up to say what a good boy Ricky is, blah blah blah, and how he was such a good boy while he was out on bond.

Sentencing Guidelines 

Here's how our sentencing Guidelines work ...

The base crimes each have a number of "sentencing points" that they are assigned.  Then there are a whole host of modifications that can be applied based on other factors.  This score is then further modified by how many prior criminal convictions the individuals have.

Conspiracy to Commit Wire Fraud has a base score of 7.  With no criminal history, that would give a sentence of 0-6 months. But that would be a crime with no victims, no losses, and the most basic conspiracy.  All of the other factors add points. 

The following modifications are then applied.

+2 - the number of victims matter.  In this case, they are charging "ten or more victims." 

Ricky's score is now a 9.  Sentencing guideline: 4-10 months.

+2 - sophisticated means. Because this was a high-tech crime with a lot of technology and a lot of moving parts.

Ricky's score is now an 11.  Sentencing guideline: 8-14 months. 

+2 illicit authentication.  To curb identity theft and the flippant use of stolen credentials, crimes that involve stolen identities get an automatic +2. 

Ricky's score is now a 13.  Sentencing guideline: 12-18 months.

+18 - Theft of between $3.5 million and $9.5 million.  The two greatest "adjustments" in the sentencing world are Number of Victims, and Amount Stolen. This is a huge modification, however, they stole a lot of money!  Many victims lined up to say they lost 100% of their life savings.  One of them even appeared at the Sentencing hearing and said so.  He told the court he had lost everything, and had been waiting FOUR YEARS for justice to be served.  It definitely needs consideration.  

Ricky's score is suddenly a 31.  108-135 months.  That's 9 to 11 years.

-3 - Because Ricky was cooperative and accepted responsibility for his crimes, apologizing to the court and to the victims, his sentencing guideline score is dropped by three points.  That's huge, actually.

Ricky's score is now 28.  78-97 months. 

In their sentencing memo, the prosecution says they would be happy to accept the "mid-point" of that range and asks for an 88 month sentence.

The Judge Speaks

The judge in this case is The Honorable Denise Page Hood in the Eastern District of Michigan.  I appreciate that she puts a great deal of explanation in before rendering her verdict.  She shares with us each of the things she is charged with considering as she builds her decision on what sentence to impose.  All of the following is quoted from the Sentencing Transcript available on PACER, although the emphasis added is mine.  

1. "The factors I'm supposed to consider are these: The nature and circumstances of the offense and the history and characteristics of the Defendant, and I'm satisfied that, while I don't think that -- well, I think the age of the other individuals involved really didn't have anything to do with you. What it really has to do with is whether or not you were a more mature person and maybe should have had some other indication of this wrongdoing and made a better judgment than someone who perhaps is still young and a bit naive might be. Like I know one of the people, I was convinced that person was much more naive than other individuals involved in this. You, however, aren't one of those.

"I have here also that I think that the nature and circumstances the offense are serious, because there's a lot of money stolen, and it's stolen from individuals who, number one, are unsuspecting, and, number two, some of them are like Mr. S.S., who is here in court today, that this was not, you know, some organization or anything. It was an individual and their personal money, their, as he describes it, his life savings that were involved, and I think that makes it a little bit different than stealing from a company that might have some other means of recovering that than an individual. I'm also satisfied that it seemed like kind of a we're going to go out there and just do these things. We're just going to hack. We don't have any sense of caring very much, until it's over, about people who might be involved in this and where the money might be coming from and where it might go, and so, to some extent, on the part of everybody involved, it seemed like it was kind of a relaxed look at what you were doing and just kind of like a greed thing. I mean it wasn't -- particularly in your case, it wasn't that you were destitute or anything. You had some education, and you had the ability to have a job. So it wasn't that you couldn't go out and make money on your own, and that is kind of the nature of these kind of things, but I think it's a very serious offense in this particular scheme of things.

2. I'm also to look at the history and characteristics of the Defendant, and, for that, I would note that in the scheme of people who come into court,  you're on the young end of that. You may not think you are, but you really are on the young end of those people who commit crimes within our system.

I'm satisfied that you had a decent childhood. I had some notes here that you were and athlete and well-integrated into your experiences as a youth, and, also, that, unlike some other people, you did not seem to be someone who was just, you know, isolating themselves and unliked by others and, therefore, kind of a person who might reach out to do something like this because of a bad situation that they were in. Not that that excuses that behavior, which is exactly what I told them, that it doesn't excuse that behavior.

I'm also satisfied that -- I don't know whether it's better or worse that there are hackers out there that don't know one another, and maybe that adds a little bit to the frivolousness and the unaccountability of it relative to one another. Otherwise, I don't think there's anything in your history or characteristics that is a negative to you. I had one thing I wanted to note here. Okay, I wanted to note that it does not appear that you have any physical problems or that you have any mental health diagnosis or received any mental health treatment. It does not appear that you have any substance abuse problems.

It appears that you graduated from high school and that you were able to have some employment, including an employment from July of 2019, on Paragraph 44, until – at least at the time that this report was written, and that prior to that, that you have worked -- you had been unemployed for a time but that you were also employed by the city of Port Richey, and, prior to that, in a grocery store, and for the short period of time that you've been an adult, that's a significant amount, as far as I'm concerned, of employment.

The other thing I want to say is thatI'm to consider whether or not the sentence that I'm going to craft will reflect the seriousness of the offense. I've already spoken to that. Promotes respect for the law and provides just punishment, and I'm sure that you're aware now of the seriousness of the offense. That may be enough to promote respect for the law. I don't know that. You know, I don't know that in these particular kind of instances whether people look at it and say, you know, I've been involved in this. It was easy. I just happened to get caught. I'm never going to get caught again because of the nature of how this is done and how hard it is to investigate and to find out what each person involved in it is doing. So I don't know that my sentence will promote respect for the law, but at least I have taken it into consideration.

I'm also to fashion a sentence that provides just punishment, and I know that in all of the cases during the pandemic, where people have been on bond, they have noted I've been, you know, really good, in quotes, on pretrial release, and that shows that I am rehabilitated, and, to some extent, that may be true. To the other extent, the opportunity was that you would not be on pretrial release and you would be in custody where everyone else is attempting to get out of custody because of Covid-19. So I see that people would be, to a very great extent, well-behaved on pretrial release at this time, especially when they don't want to be incarcerated. So I don't give that a lot of weight. I know it's a long time to wait, but I'm sure it is far less onerous conditions than if you were waiting in jail to be able to proceed.

5. I'm also to consider whether or not I will afford adequate deterrence to criminal conduct, and I recognize that this may have been an opportunistic crime, but it's still illegal. You still have to answer for it, and some of it, the deterrence, I think, is not only deterring yourself, meaning that something happens to you that makes you not want to do this ever again even if you think the opportunity to be caught is very small, and it's going to become less small. The Government is going to get better at uncovering this type of crime and uncovering it earlier, but I also think that we deter others by letting them know that we're not going to just let this kind of crime go unaddressed

6. I'm also to fashion a sentence that protects the public from the further crimes of the  Defendant, and I will do that in this case by requiring, since it's your first contact with law enforcement, and to some extent the presentence report indicates it's a deviation from your otherwise law-abiding life, that you will have to participate in the Computer Internet Monitoring Program for the entire time that you're connected to the Court by being incarcerated, if you're put in a halfway house, or while you're on supervised release, and you'll have to abide by that agreement, which addresses all of the computers to which you would have any contact, okay, and it allows them to not only search but at reasonable times and places, but to also be for you to provide other people using the computers with the understanding if you're using their computer, it's subject to search as well.

7. I'm to fashion a sentence that provides you with needed education and vocational training, medical care, or other correctional treatment in the most effective manner, and it does not appear that you're unhealthy, or, as I said, have any mental health or substance abuse concerns. I know you have a high school diploma, and you have had some employment that's consistent with that, and so I would note that you should have the opportunity to engage in any programs that you think are beneficial to you to enhance that, but I don't have any that I'm going to particularly point out.

8. I also have to consider the kinds of sentences available, and that is the 78 to 97 months of incarceration, and that it will be followed by a term of supervised release, and I'm also to consider the need to avoid unwarranted sentencing disparities among defendants with similar records having been found guilty of similar kinds of conduct, and I have these other codefendants, all of whom seem to have various roles in conducting this conspiracy, and I think that my sentence will reflect how I think the various roles and the history and characteristics and other factors have impacted those people, all of whom, so far, have received a sentence that is below the guideline range. 

9. I'm also to consider the need to provide restitution to any victims of the offense, and I am going to order a restitution against you relative to this. I will also recommend that the amount that you're forfeiting go against the restitution, but, you know, part of it is that, you know, the amount of restitution is really high, and I think it's really difficult for anybody, although you're a young person and so are the others, to pay back seven-and-a-half-million dollars. That's a tremendous amount of money, and the amount that it is apparent that you're forfeiting doesn't really approach that. It doesn't approach $7 million, and so, you know, the Court is always wondering what happened to the money that was stolen away from people and whether or not people have spent it or they hid it away, especially if there's nothing really apparent. There is, in some cases, something apparent to show for it, but I have considered that as well.

I've said in the other sentences, because in the other instances, people also ask for  noncustodial sentences, that I don't think that a noncustodial sentence is appropriate in these cases. I mean we think, kind of like we do in other kinds of cyber crimes, that you don't see what's happening. It's not done with some -- it's not like you went in and robbed a place where some people were standing there and you had to deal with the actual people that you might be stealing the money from, or had to confront an actual bank teller who might be afraid or anything like this. This is kind of done on your own on the computer. You don't really have any real people in front of you. It's not maybe very -- it does not seem very personal to the people committing the crime, but it's really personal against the people that the crime is committed, and so I don't think that a noncustodial sentence is appropriate.  Even with the halfway house and the like, I don't think it's appropriate, and I think you can tell that from the other sentences that I've imposed.

The Sentence

And, therefore -- but I should also say that I think the 78 to 97 months is driven, as many as of these monetary crimes are, by the amounts of loss, and I think, in this particular instance, where I have people before me and you who don't have prior serious offenses or any offenses at all, that I give credit for that in most other instances of fashioning a sentence, and the credit for it actually goes to the amount of time that you have to be incarcerated usually, and I don't see any reason why I shouldn't do that in this particular instance. In all of these instances, I think I have before me people who have the ability to do one of two things. They can grow and become productive members of society and attempt to pay back the victims the money that was, you know, secretly stolen from them and computers used to do that, and, therefore, I think that a sentence within the guideline range is too much for the charges that I'm presented with here for the reasons that I've stated.

And, therefore, with respect to Count 1 of the indictment, pursuant to the Sentencing Reform Act of 1984, the Court, having considered the advisory guidelines and the factors contained in 18 U.S.C. §3553(a), commits the Defendant to the custody of the Bureau of Prisons for a term of 48 months. And, upon release from imprisonment, the Defendant will be placed on supervised release for a term of three years. 

... I'm ordering that you pay that restitution to the clerk of the court for disbursement to the victims identified below in the amounts below for a combined restitution order of $7,681,570.03, which is due immediately. While on supervised release, payments must be made at a rate and schedule determined by the probation department, approved by the Court, and they are going to these victims:
Victim with initials D.M. in the amount of $116,387.12;
Mr. S.S. in the amount of $1,967,146.57;
And S.B. in the amount of $5,598,036.34.

Thoughts on Sentencing 

I am always frustrated when judges choose to depart from the recommended sentence, especially in a way that I feel does not take cybercrime seriously.  As we look at the rationale behind the sentence though, I think it boils down to this:

In the world of Big Crypto and with the pathetic security in place that means a kid in a phone shop can facilitate a $5.5 Million theft, how do we balance the trivial means of stealing that money with the fact that someone's life savings have been destroyed?

In this case, restitution will start with the fact that Ricky is giving up 38 BTC and 900 Ethereum from what he stole.  At the time of this writing that is about $1.8 Million.  How is a kid with a high school degree and a criminal record going to pay back the other $5.8 Million?  He's not.  The parole board will come up with a garnishment of future wages, but if he ends up in a minimum wage job, that is likely to be repaid at a rate of $100 per month, so the victims will get the rest of their money slowly over the next four thousand eight hundred years or so.

I would really like to hear your thoughts on this.  Feel free to comment below.  Thank you!