On July 21, U.S. Attorney for the Southern District of New York Preet Bharara, along with the Assistant Director-in-Charge of the New York Field Office of the FBI and the Special Agent-in-Charge of the New York Field Office of the United States Secret Service, announced the unsealing of criminal complaints filed against Anthony R. Murgio and Yuri Lebedev. According to the complaints, since at least late 2013, the two men and their co-conspirators illegally ran a money transfer operation called Coin.mx, which allowed customers to exchange cash for bitcoins for a fee. Murgio’s and Lebedev’s allegedly illegal money transfer operation involved exchanging cash for people whom they believed may be engaging in criminal activity, as well as allowing victims of “ransomware” attacks to trade cash for bitcoins. During these “ransomware” attacks, cybercriminals would “electronically block access to a victim’s computer system until a sum of ‘ransom’ money, typically in bitcoins, [was] paid to them.” In an attempt to evade detection, Murgio, Lebedev, and their co-conspirators operated through “Collectables Club,” a fake front-company. Also in an attempt to avoid detection, Murgio obtained beneficial control of a New Jersey-based federal credit union, then placed Lebedev and others on the Board of Directors so that Coin.mx’s operations could be transferred to the credit union. The individuals used the credit union as a “captive bank for their unlawful business,” until at least early 2015, at which point, the NCUA discovered the illegal activity and forced the credit union to “cease engaging in such activity,” but Murgio “thereafter found new, overseas payment processing channels for his unlawful business.” Murgio and Lebedev are each being charged with one count of conspiracy to operate an unlicensed money transmitting business, and one count of operating an unlicensed money transmitting business. Each of these charges carries a maximum prison sentence of five years. Murgio also was charged with one count of money laundering and one count of willful failure to file a suspicious activity report. These additional charges carry maximum prison sentences of 20 years and 5 years, respectively.