Bitcoin Exchange Operator Charged With Lying to SEC About Hack

(Bloomberg) -- The operator of a now-defunct cryptocurrency investment platform was charged with lying to U.S. regulators to hide the fact that hackers stole more than 6,000 of his customers’ Bitcoins.

Jon Montroll, 37, of Saginaw, Texas, was charged with two counts of perjury and one count of obstruction of justice in a complaint unsealed Wednesday by the office of Manhattan U.S. Attorney Geoffrey Berman. The U.S. Securities and Exchange Commission also filed a lawsuit accusing Montroll of violating securities laws.

Before the cryptocurrency began its meteoric rise, Montroll operated two online Bitcoin services, according to prosecutors. BitFunder.com facilitated the buying and trading of virtual shares of businesses listed on its platform, while WeExchange Australia Pty. Ltd. functioned as a Bitcoin depository and currency exchange. All WeExchange and BitFunder users’ Bitcoins were held in a common account, according to federal investigators.

During a four-day period in July 2013, hackers exploited weaknesses in BitFunder’s programming, allowing them to illegally withdraw Bitcoins that would be worth more than $60 million today, prosecutors said. The hack left Montroll without enough Bitcoins to cover what he owed users, they said.

‘Corrected Immediately’

Questioned under oath by the SEC in November 2013, Montroll denied that the hackers had succeeded, falsely claiming the system had halted the cryptocurrency withdrawals, prosecutors said. He also falsely claimed that the software problem “was corrected immediately, whenever the system started having problems, and I caught on to what was happening,” according to court documents.

Montroll provided regulators with a screenshot purportedly showing that more than 6,600 Bitcoins were available to BitFunder users through WeExchange as of Oct. 13, 2013. In reality, prosecutors said, WeExchange had lost “thousands” of Bitcoins, leaving just 40.

Investigators said contemporaneous chat logs and transaction data show the balance statement was faked. They also cited an internet chat that occurred three days into the hack in which Montroll sought help in retrieving what he referred to as “Stolen coins.” When that failed, Montroll transferred some of his own Bitcoins into the WeExchange account to conceal the losses but the hack continued, according to investigators.

Confronted during a later appearance before the SEC, Montroll lied again, according to the U.S. While he admitted to creating the balance statement, he also claimed to have realized the hackers had succeeded only after the regulators first questioned him about the intrusion, the U.S. said.

In its lawsuit, the SEC accused Montroll of operating an unregistered securities exchange, defrauding users and making false and misleading statements. In addition to failing to disclose the cyberattack on BitFunder, he also sold unregistered securities that purported to be investments in the exchange and misappropriated funds from those investors, the SEC said.

Montroll was scheduled to appear in federal court in Texas on Wednesday, according to Berman. The most serious charge, obstruction, carries a maximum prison term of up to 20 years. A lawyer for him couldn’t be immediately located.

The criminal case is U.S. v. Montroll, 18-mag-1372, U.S. District Court, Southern District of New York (Manhattan). The regulators’ lawsuit is SEC v. Montroll, 18-01582, U.S. District Court, Southern District of New York (Manhattan).

To contact the reporter on this story: Patricia Hurtado in Federal Court in Manhattan at pathurtado@bloomberg.net.

To contact the editors responsible for this story: David Glovin at dglovin@bloomberg.net, Andrew Dunn, Dave Liedtka

©2018 Bloomberg L.P.