Russian Hacker Receives 40-Month Sentence for Massive Credential Theft Scheme

CyberSecureFox 🦊

In a significant cybersecurity case, 27-year-old Russian citizen Georgy Kavzharadze has been sentenced to 40 months in prison by a U.S. court for his involvement in selling over 300,000 stolen account credentials on the now-defunct hacking marketplace, Slilpp. This case highlights the ongoing battle against cybercrime and the international efforts to combat digital fraud.

The Slilpp Marketplace: A Hub for Stolen Credentials

Slilpp, operational from 2012 to 2021, was a notorious online marketplace that facilitated the trade of hacked and stolen account information. During its nine-year run, the platform saw the sale of more than 80 million sets of credentials from over 1,400 companies, including major corporations like PayPal, Amazon, and various banking institutions. Law enforcement agencies described Slilpp as “the largest marketplace of compromised accounts to have ever existed in the criminal underground.”

Kavzharadze’s Criminal Activities

According to the U.S. Department of Justice, Kavzharadze, known by aliases such as TeRorPP, Torqovec, and PlutuSS, engaged in the sale of vast amounts of stolen financial information and personal data on Slilpp. Court documents reveal that between July 2016 and May 2021, he listed over 626,100 stolen credentials for sale.

The scope of Kavzharadze’s operations became evident when, on May 27, 2021, his Slilpp account offered 240,495 sets of credentials for sale. These included access data for bank accounts in New York, California, Nevada, and Georgia. Kavzharadze exclusively accepted Bitcoin as payment for these stolen credentials, demonstrating the prevalent use of cryptocurrencies in cybercriminal activities.

Financial Impact and Legal Consequences

The stolen credentials sold by Kavzharadze were subsequently used in fraudulent activities, resulting in attempted transactions totaling approximately $1.2 million. This figure represents a significant reduction from the initial indictment, which cited fraudulent transactions exceeding $5 million across five different banks.

FBI investigators linked Kavzharadze to the withdrawal of over $200,000 from a Bitcoin account associated with Slilpp, which received payments for stolen login credentials and personal and financial data. This amount is estimated to be worth about $450,000 at current exchange rates.

In August 2021, Kavzharadze faced charges including conspiracy to commit bank and wire fraud, bank fraud, access device fraud, and aggravated identity theft. Following his extradition to the United States, he pleaded guilty on February 16, 2024, to trading on Slilpp and conspiring to commit bank and wire fraud.

This case serves as a stark reminder of the persistent threats in the digital landscape and the importance of robust cybersecurity measures. It underscores the need for individuals and organizations to remain vigilant in protecting their digital assets and personal information. As cybercriminals continue to evolve their tactics, the global cybersecurity community must adapt and strengthen its defenses to mitigate the risks of large-scale data breaches and financial fraud.
