Seizure notice

Feds accuse founders of cryptocurrency mixer of ‘large-scale money laundering’

The two founders of a cryptocurrency mixing service that allegedly obfuscated the origins of at least $100 million in criminal proceeds have been arrested, the Department of Justice announced Wednesday. 

Since 2015, Samourai Wallet has been used to launder illicit funds under the guise of being a legal privacy-minded service, the DOJ said. Its founders, CEO Keonne Rodriguez and CTO William Lonergan Hill, created features explicitly designed to help “criminals to engage in large-scale money laundering and sanctions evasion.” 

Rodriguez is expected in a Pennsylvania courtroom this week, while Hill awaits extradition following his arrest on Wednesday in Portugal. They are each charged with one count of conspiracy to commit money laundering and one count of conspiracy to operate an unlicensed money transmitting business. 

With the help of Icelandic authorities, Samourai’s domain and servers were seized. A seizure warrant for its mobile application was also served on the Google Play Store. 

According to prosecutors , Samourai offered several features designed to muddy the origins of bitcoin transactions, including a mixer called “Whirlpool” and a premium service called “Ricochet.” The latter “allows a Samourai user to build in additional and unnecessary intermediate transactions (known as ‘hops’) when sending cryptocurrency from one address to another address.”  

whirlpool-samourai-mixer-graphic.png

An explanation of Whirlpool on Samourai's website. Credit: DOJ

On its website, Samourai claimed to be made up of a group of "privacy activists who have dedicated our lives to creating the software that Silicon Valley will never build, the regulators will never allow, and the VC's [venture capitalists] will never invest in." But according to prosecutors, the company explicitly courted criminals and sanctions evaders to its service. 

“Welcome new Russian oligarch Samourai Wallet users,” the company said on its Twitter (now X) account in June 2022 in response to a post about enforcing sanctions on Russians.

samourai-wallet-tweet.jpg

Marketing materials cited in the indictment purportedly show the company promoting its use for criminals seeking anonymity. 

“For example, in Samourai’s marketing materials, [they] acknowledge that the individuals most likely to use a service like Samourai include individuals engaged in criminal activities, including ‘Restricted Markets’,” prosecutors said.

On top of purportedly mixing millions from the Silk Road and Hydra dark web markets, prosecutors allege Samourai helped conceal the identities of cybercriminals behind lucrative hacks, including: 

  • A web server intrusion and customer database exfiltration in 2022 that netted 151 bitcoin (approximately $5.74 million at the time). 
  • A spearphishing scheme in 2021 and 2022 targeting a cloud service provider, its corporate clients and to steal $10 million worth of cryptocurrency from victim entities.
  • A 1,343 bitcoin phishing attack on a decentralized finance protocol from 2021 until 2023. 

Law enforcement has increasingly targeted infrastructure supporting the cybercrime ecosystem. 

A Russian-Swedish national was convicted in the U.S. in March for helping criminals launder money through the Bitcoin Fog mixer. One of the founders of the notorious Tornado Cash mixer was arrested in August 2023 and is awaiting trial.    

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
James Reddick

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.