E-Root Marketplace

E-Root Marketplace admin receives 42-month sentence

Sandu Boris Diaconu, a 31-year-old Moldovan national, has been sentenced to 42 months in prison in the U.S. for his involvement in operating an illicit marketplace known as E-Root Marketplace.

This marketplace facilitated the sale of hundreds of thousands of compromised credentials, including usernames and passwords, enabling buyers to access remote computers for illicit purposes such as stealing private information or manipulating data. Diaconu pleaded guilty to charges of conspiracy to commit access device and computer fraud, as well as possession of unauthorized access devices.

E-Root Marketplace utilized a distributed network and employed measures to conceal the identities of its administrators, buyers, and sellers. Prospective customers could search for compromised credentials based on various criteria such as price, location, internet service provider, and operating system. To obfuscate transaction trails, the marketplace provided an online payment system called Perfect Money, facilitating the conversion of Bitcoin to and from Perfect Money. However, both E-Root and Perfect Money’s infrastructure were seized by law enforcement in late 2020.

It’s estimated that over 350,000 credentials were advertised for sale on E-Root, leading to numerous victims falling prey to ransomware attacks and identity theft schemes. Diaconu, who served as the administrator of E-Root between January 2015 and February 2020, was apprehended in the U.K. in May 2021 while attempting to flee the country. He was later extradited to the U.S. in October 2023.

In addition to Diaconu’s case, the Department of Justice (DoJ) announced the recovery of $2.3 million worth of cryptocurrency linked to a romance scam that targeted individuals across the U.S. In this scheme, scammers build trust with victims online before persuading them to invest in a cryptocurrency scam, resulting in financial losses for the victims.

E-Root Marketplace

Moreover, reports from Web3 anti-fraud company Scam Sniffer indicate that approximately 57,000 victims lost around $47 million to crypto phishing scams in February 2024 alone. These scams often lure victims to phishing websites through impersonated Twitter accounts, with a significant decrease observed in the number of victims losing over $1 million compared to the previous month.