Sentencing postponed for Nigerian in North Korean €13m BOV cyber hack

Nigerian Instagram influencer Ramon Abbas, aka Hushpuppi, has had his sentencing for his money laundering role in the 2019 €13 million North Korean cyber-heist from Bank of Valletta deferred until November by a California court.

Abbas had pled guilty in July 2021 to charges filed by the US Attorney’s Office in Los Angeles of conspiring to launder hundreds of millions of dollars from “business email compromise” (BEC) frauds and other scams, including that perpetrated against Bank of Valletta.

The US Department of Justice has accused the influencer of working with North Korean hackers to launder the funds stolen from Bank of Valletta in the dramatic cyberattack that closed down the bank’s systems back in February 2019.

According to the US Justice Department, Abbas participated in a “North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019.”

In a July statement, the Justice Department referred to the attack as “a $14.7 million cyber-heist from a foreign financial institution”. Both the date and amount match that of the attack on Malta’s Bank of Valletta in February 2019.

But a US Central District Court in California has now postponed his sentencing until 7 November. This is now the fourth sentencing date so far, after it was first moved by the presiding judge from 14 February to 11 July, and now again from 21 September to 7 November.

Hushpuppi had been apprehended in Dubai in June 2020 by Emirati police working in conjunction with Federal Bureau of Investigation agents.  He was subsequently taken to the US where he pled guilty to the charges in July 2021.

Abbas, who had initially maintained his innocence, eventually struck a plea bargain with US authorities in July 2021 in the hope of getting a lighter punishment.

At the end of the day, he pleaded guilty to Count Two – ‘Conspiracy to Engage in Money Laundering’, an offence that carries, amongst other things, a maximum 20-year prison sentence and full restitution.

According to the plea agreement’s text, the “Defendant understands that the defendant will be required to pay full restitution to the victim(s) of the offence to which the defendant is pleading guilty.

“Defendant agrees that, in return for the USAO’s compliance with its obligations under this agreement, the court may order restitution to persons other than the victim(s) of the offenses to which defendant is pleading guilty and in amounts greater than those alleged in the count to which defendant is pleading guilty.”

Abass is facing a maximum of 20 years’ imprisonment, a three-year period of supervised release; a fine of $500,000 or twice the gross gain or gross loss resulting from the offense, whichever is greatest.

According to the FBI’s affidavit, the “hit” on Bank of Valletta had been planned for 12 February 2019 and Abbas had sent account information for a Romanian bank to his co-conspirator, an account he said could be used for “large amounts”.

Abbas then sent screenshots showing the funds had not arrived in the Romanian bank account the next day, his partner replied, “today they noticed and pressed a recall on it, it might show and block or never show”.

His cohort then sent an image of a news article to Abbas detailing the theft of funds from the foreign financial institution, followed by a message stating “look it hit the news”. Abbas replied: “damn” and the co-conspirator added: “next one is in few weeks will let you know when it’s ready. Too bad they caught on or it would been a nice payout.”

The US Attorney’s Office for the Central District of California explains in the plea bargain agreement how between January 2019 and June 2020, Hushpuppi “knowingly combined, agreed, and conspired with multiple other persons (“co-conspirators”) to conduct financial transactions into, within, and outside the United States involving property that represented the proceeds of wire fraud”.

The Bank of Valletta hack was perpetrated in February 2019.

According to USAO, the co-conspirators targeted multiple victims and laundered and/or attempted to launder funds fraudulently obtained, and attempted to be fraudulently obtained, through bank cyber-heists, business email compromise (BEC) frauds, and other fraud schemes.

The intended victims of the conspiracy included a foreign financial institution, which was, it transpires, Bank of Valletta, a law firm located in New York state, and two companies in the United Kingdom.

Bank of Valletta was an intended cyber-heist victim while the others fell victim to the BEC schemes.  As for the UK scam Abass and a co-conspirator in May 2019, were expecting fraudulent payments of approximately £6 million a week.

“Once a victim deposited funds into a bank account, the defendant would coordinate with other co-conspirators to obtain or move the funds, and then to further launder the funds,” the US authorities said.

Abass was also said to have admitted involvement in a scheme to defraud a company in Qatar that was building an international school and the owner of that company. That was also in 2019 when, with a co-conspirator, he conspired to defraud the owner of the Qatari company “who was seeking a lender to invest $15,000,000 in a project to build an international school”.

Abbas is a Nigerian social media influencer with more than 2.5 million followers on Instagram, where he showcases lavish cars, watches, designer clothes and private jets.

Abbas’ name emerged among details of a larger international criminal conspiracy involving North Korean state hackers involved in “a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies,” according to the US Justice Department’s statement indictment that charged him with hacking and money laundering crimes that cost his victims some $24 million

FBI Deputy Director Paul Abbate said in the statement at the time that the indictment expands the FBI’s 2018 charges for the “unprecedented cyberattacks conducted by the North Korean regime.”

Assistant Attorney General John C. Demers of the Justice Department’s National Security Division added, “As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers.”

Abbas is linked to one specific part of the “broad array of criminal cyber activities undertaken by the conspiracy,” namely money laundering and the attack on a “foreign financial institution”, which, it turns out, was the Bank of Valletta cyber-heist of February 2019.

Abbas was linked to the North Korean conspiracy when US federal prosecutors unsealed a charge against Ghaleb Alaumary, 37, of Ontario, Canada. Alaumary plead guilty to charges related to his role as a money launderer for the North Korean group filed in November 2020.

The Justice Department connected Abbas to the North Korean hackers through Alaumary, who they allege “conspired” with “Ray Hushpuppi,” to “launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese bank in February 2019.”

In May 2019 BOV said it had recovered €10 million of the sum and a further six people were arrested in Northern Ireland in connection with the heist.

The UK’s National Crime Agency had also explained how hackers were able to access Bank of Valletta’s systems and transfers the money into foreign accounts, from where some of the funds were spent on luxury goods such as Rolex watches and an Audi A5.

In May of 2019 BOV said it had recovered €10 million of the total sum.  Earlier this year, a further six people were arrested in Northern Ireland in connection with the heist.

At the time of the BOV hack, the bank had been forced to shut down all its operations, with branches, ATMs, mobile banking, its website and email services were suspended. Then prime minister Joseph Muscat had even been obliged to make a parliamentary statement.