May 25, 2013

The founder of Liberty Reserve, a digital currency that has evolved as perhaps the most popular form of payment in the cybercrime underground, was reportedly arrested in Spain this week on suspicion of money laundering. News of the law enforcement action may help explain an ongoing three-day outage at libertyreserve.com: On Friday, the domain registration records for that site and for several other digital currency exchanges began pointing to Shadowserver.org, a volunteer organization dedicated to combating global computer crime.

According to separate reports in The Tico Times and La Nacion, two Costa Rican daily newspapers, police in Spain arrested Arthur Budovsky Belanchuk, 39, as part of a money laundering investigation jointly run by authorities in New York and Costa Rica.

Update, May 28, 9:11 a.m. ET: Libertyreserve.com is now resolving again, but its homepage has been replaced by a notice saying “THIS DOMAIN NAME HAS BEEN SEIZED,” and features badges from the U.S. Treasury Dept., U.S. Secret Service, and the DHS.

Original story:

The papers cited Costa Rican prosecutor José Pablo González saying that Budovsky, a Costa Rican citizen of Ukrainian origin, has been under investigation since 2011 for money laundering using Liberty Reserve, a company he created in Costa Rica. “Local investigations began after a request from a prosecutor’s office in New York,” Tico Times reporter L. Arias wrote. “On Friday, San José prosecutors conducted raids in Budovsky’s house and offices in Escazá, Santa Ana, southwest of San José, and in the province of Heredia, north of the capital. Budovsky’s businesses in Costa Rica apparently were financed by using money from child pornography websites and drug trafficking.”

For those Spanish-speaking readers out there, Gonzalez can be seen announcing the raids in a news conference documented in this youtube.com video (the English subtitles option does a decent job of translation as well).

Liberty Reserve is a largely unregulated money transfer business that allows customers to open accounts using little more than a valid email address, and this relative anonymity has attracted a huge number of customers from underground economies, particularly cybercrime.

In a now 10-page thread on this crime forum, many members are facing steep losses.

The trouble started on Thursday, when libertyreserve.com inexplicably went offline. The outage set off increasingly anxious discussions on several major cybercrime forums online, as many that work and ply their trade in malicious software and banking fraud found themselves unable to access their funds. For example, a bulletproof hosting provider on Darkode.com known as “off-sho.re” (a hacker profiled in this blog last week) said he stood to lose $25,000, and that the Liberty Reserve shutdown “could be the most massive ownage in the history of e-currency.”

That concern turned to dread for some after it became apparent that this was no ordinary outage. On Friday, the domain name servers for Libertyreserve.com were changed and pointed to ns1.sinkhole.shadowserver.org and ns2.sinkhole.shadowserver.org. Shadowserver is an all-volunteer nonprofit organization that works to help Internet service providers and hosting firms eradicate malware infections and botnets located on their servers.

In computer security lexicon, a sinkhole is basically a way of redirecting malicious Internet traffic so that it can be captured and analyzed by experts and/or law enforcement officials. In its 2011 takedown of the Coreflood botnet, for example, the U.S. Justice Department relied on sinkholes maintained by the nonprofit Internet Systems Consortium (ISC). Sinkholes are most often used to seize control of botnets, by interrupting the DNS names the botnet is programmed to use. Ironically, as of this writing Shadowserver.org is not resolving, possibly because the Web site is under a botnet attack (hackers from at least one forum threatened to attack Shadowserver.org in retaliation for losing access to their funds).

Reached via Twitter, a representative from Shadowserver declined to comment on the outage or about Liberty Reserve, saying “We are not able to provide public comment at this time.” I could find no official statement from the U.S. Justice Department on this matter either.

Libertyreserve.com is not the only virtual currency exchange that has been redirected to Shadowserver’s DNS servers. According to passive DNS data collected by the ISC, at least five digital currency exchanges — milenia-finance.com, asianagold.com, exchangezone.com, moneycentralmarket.com and swiftexchanger.com — also went offline this week, their DNS records changed to the same sinkhole entries at shadowserver.org.
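As an added illustration (not part of the original article), here is one way an analyst could spot this kind of nameserver cutover in passive DNS data. The record layout, timestamps and pre-change nameservers (`*.example.net`, `*.example.org`) are constructed for the example; only the sinkhole nameserver suffix and the two exchange domains come from the article.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Nameserver suffix named in the article; matched on DNS label boundaries only.
SINKHOLE_SUFFIXES = ("sinkhole.shadowserver.org",)

# Constructed passive-DNS style observations (all timestamps and the
# non-sinkhole nameservers are made up for illustration).
SAMPLE_RECORDS = """\
# rrname rrtype rdata first_seen last_seen
libertyreserve.com. NS ns1.hosting.example.net. 2012-01-10T00:00:00Z 2013-05-23T18:00:00Z
libertyreserve.com. NS ns2.hosting.example.net. 2012-01-10T00:00:00Z 2013-05-23T18:00:00Z
LibertyReserve.com. NS NS1.sinkhole.shadowserver.org. 2013-05-24T15:00:00Z 2013-05-25T09:00:00Z
libertyreserve.com. NS ns2.sinkhole.shadowserver.org. 2013-05-24T15:05:00Z 2013-05-25T09:00:00Z
exchangezone.com. NS ns1.dns.example.org. 2011-06-01T00:00:00Z 2013-05-25T08:00:00Z
exchangezone.com. NS ns1.sinkhole.shadowserver.org. 2013-05-24T16:00:00Z 2013-05-25T09:00:00Z
lookalike.example. NS ns1.sinkhole.shadowserver.org.example.net. 2013-05-24T16:00:00Z 2013-05-25T09:00:00Z
libertyreserve.com. A 192.0.2.10 2012-01-10T00:00:00Z 2013-05-23T18:00:00Z
truncated.example. NS
"""


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def is_sinkhole(nameserver):
    """True only if the name is the sinkhole suffix or a subdomain of it."""
    ns = normalize(nameserver)
    return any(ns == s or ns.endswith("." + s) for s in SINKHOLE_SUFFIXES)


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_records(text):
    """Return (domain, nameserver, first_seen, last_seen) for well-formed NS rows."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) != 5 or fields[1].upper() != "NS":
            continue  # skip other record types and truncated rows
        try:
            first, last = parse_ts(fields[3]), parse_ts(fields[4])
        except ValueError:
            continue  # skip rows with unparseable timestamps
        records.append((normalize(fields[0]), normalize(fields[2]), first, last))
    return records


def find_sinkholed(records):
    """Map each domain delegated to a sinkhole to its cutover time and status."""
    by_domain = defaultdict(list)
    for domain, ns, first, last in records:
        by_domain[domain].append((ns, first, last))
    findings = {}
    for domain, obs in by_domain.items():
        sink_first = [first for ns, first, _ in obs if is_sinkhole(ns)]
        if not sink_first:
            continue
        cutover = min(sink_first)
        others = [o for o in obs if not is_sinkhole(o[0])]
        # Non-sinkhole nameservers still observed after the cutover mean the
        # delegation is mixed or resolvers are still serving cached answers.
        lingering = sorted({ns for ns, _, last in others if last >= cutover})
        findings[domain] = {
            "since": cutover,
            "status": "mixed" if lingering else "sinkholed",
            "previous": sorted({ns for ns, first, _ in others if first < cutover}),
            "lingering": lingering,
        }
    return findings


if __name__ == "__main__":
    for domain, f in sorted(find_sinkholed(parse_records(SAMPLE_RECORDS)).items()):
        print(f"{domain}: {f['status']} since {f['since']:%Y-%m-%d %H:%M} UTC; "
              f"previous NS: {', '.join(f['previous']) or 'none seen'}")
```

The suffix check is anchored on a label boundary so that a name which merely contains the sinkhole string, such as the constructed `lookalike.example` row, is not reported.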

Assuming the reports at The Tico Times and La Nacion are accurate, this would not be the first time Mr. Budovsky has attracted attention from authorities for money laundering. According to the Justice Department, on July 27, 2006, Arthur Budovsky and a man named Vladimir Kats were indicted by the state of New York on charges of operating an illegal money transmittal business, GoldAge Inc., from their Brooklyn apartments. From a Justice Department account of that case:

“The defendants had transmitted at least $30 million to digital currency accounts worldwide since beginning operations in 2002. The digital currency exchanger, GoldAge, received and transmitted $4 million between January 1, 2006, and June 30, 2006, as part of the money laundering scheme. Customers opened online GoldAge accounts with limited documentation of identity, then GoldAge purchased digital gold currency through those accounts; the defendants’ fees sometimes exceeded $100,000. Customers could choose their method of payment to GoldAge: wire remittances, cash deposits, postal money orders, or checks. Finally, the customers could withdraw the money by requesting wire transfers to accounts anywhere in the world or by having checks sent to any identified individual.”

From the U.S. government’s description, Liberty Reserve sounds virtually indistinguishable from GoldAge, except for having been based in Costa Rica. If Liberty Reserve stays offline, this could cause a major upheaval in the cybercrime economy. I will be following this case closely, and would expect to hear more about this apparently coordinated takedown following the Memorial Day holiday in the U.S. on Monday.

For now, however, many in the underground would rather believe almost any other explanation than a law enforcement takedown. The administrator of cybercrime forum Carder.pro, for example, has been telling forum members that the entire incident is the work of professional hackers working for Liberty Reserve’s competitors.

Carder.pro administrator "Ninja" isn't buying the news being reported by Costa Rican media.

Update, May 26, 10:45 p.m. ET: A competitor to Liberty Reserve, a virtual currency called Perfect Money, on Saturday posted a note to its site saying it would no longer accept new registrations from individuals or companies based in the United States. “We bring to your attention that due to changes in our policy we forbid new registrations from individuals or companies based in the United States of America. This includes US citizens residing overseas,” the company wrote. “If you fall under the above mentioned category or a US resident, please do not register an account with us. We apologize for any inconvenience caused.”

Update, May 28, 1:26 p.m., ET: I just filed a follow-up story which confirms that libertyreserve.com and other exchangers were seized by the U.S. government. The story also examines the impact of this law enforcement action on other digital currencies, including Bitcoin.


416 thoughts on “Reports: Liberty Reserve Founder Arrested, Site Shuttered”

  1. bongomong

    Clearly the author of this piece considers himself an investigative journalist iff he sticks very closely to the LEA press release.

    Meanwhile in the real world, in places where Paypal doesn’t extend its services, or for people who have legitimate beefs with Paypal because of their notorious seizures of legitimate cash of legal businesses, people might try an alternative like LR.

    Mocking all users and their losses as criminals is way underhanded.

    Reminds me of the battle in NZ over megaupload. The US wanted to paint it one way, and Dotcom painted it another way. A battle of narratives.

    This article is doing the work of the LEA by promoting its narrative, and not really digging into the story of LR.

    Disclosure: I am not a user of LR.

  2. Babar

    venu, I know your english is not good (like my), but make an effort and use your brain. I will try to explain with nice and easy words.

    Venu, libertyreserve close, your money end, finish bye bye no money back.

    Understood ? Sorry to tell you like that…

    1. Siva

      Babar,

      This is venu’s business

      http://www.venucaptchas.in/

      You can see how he might help cybercriminals,
      1000 captchas for $1. This guy would have made a lot of money in India.

  3. in4wget

    They thought the only way to stop cybercrime is to shutdown Libertyreserve, well it worked for learner and the new bies who will need to pay to have defaced host crypter,even finish keyloggers, what happens when you can finish your task get it and know what to do with it…new bies will grow someday. pro perfection cyber crime will never stop until all man will be equal. i will like to thief from those rich men out there who have HUNDREDS, MILLIONS, EVEN BILLION SOON. i can’t go with a gun i will send my zoombie from home.just beat robots cos they aREn’t human no feelings fo them… Deal with it…

    1. joe

      tell me more on how to use the robot i need to learn more

  4. pengamat

    Panicking over just this, come on, let it go.. count it as charity

  5. Off-sho.re

    In case these news are real and LR won’t come back,
    please go to pwnies.com and nominate LR for the best mass
    ownage of the year.

    Brian will attend BH-USA, he can take the pwnie to the FBI agents
    in case they will be busy eating donuts and miss the event.

    Thanks.

  6. CooloutAC

    ONLY CRIMINALS WANT TO REMAIN ANONYMOUS WHEN BANKING. Normally i wouldn’t care…..but the anonymity affects my online gaming and my country.

    and to the guy who thinks laws don’t stop crimes. We are living in kind of the internet barbarian/dark ages, and you’re pretty naive and full of yourself if you don’t think we are going to evolve past your caveman attitude. Stop thinking your vote doesn’t matter and community organize like they did in the 60s.

    The world gets more civilized as we grow, and yes that also means more equal. Even the way we kill each other gets a little more civilized. hopefully we don’t nuke ourselves….

    But to think that you are somehow not just a greedy little weasel so fake he has to be anonymous 24/7 for his own selfish delusional fantasies, is hard to believe. I’m sorry.

    and I can’t believe someone in some poor country is trading currencies to feed his goats, and not using it as a cover for what he really does to feed his family.

    And i can’t believe that someone that smart couldn’t find something legal to do. Especially if you’re NOT American. Because all the fkn computer jobs go to your fkn countries!

    1. John Gotti

      The internet represents Anonymity, all users have equal rights and if one’s activity effects yours well that’s just too bad.

      Word of advice, all big man, woman, companies, corporations and nations didn’t make it to where they are by not being anonymous 24/7 and doing the work legally.

      In this world either you’re part of the system and get stomped or you’re above it and become the stomper.

      Government, law officials and sophisticated criminals are the same; Thinkers, Ambitious, Opportunists. They both hide in plain sight, while covering their ass.

      1. Barawic

        I can’t believe you really believe all this.

        “The internet represents Anonymity, all users have equal rights and if one’s activity effects yours well that’s just too bad.”

        So kids affected by child pornography, adults sold in to slavery, terrorist information… all these are “Just too bad” if someone else thinks like you? Tell that to the victims of the terrorist atrocities killed with information found on the net.

        “Word of advice, all big man, woman, companies, corporations and nations didn’t make it to where they are by not being anonymous 24/7 and doing the work legally.”

        I’m guessing most did most of the time, however as we in general know who they are we can at least challenge them, except possibly those really big ones. If we can’t then maybe we should use democracy to make it so we can? Get involved with the real world where you could make a real difference.

        “In this world either you’re part of the system and get stomped or you’re above it and become the stomper.”

        So what happens to the idea that we have a duty to each other? If it wasn’t for “the system” most people would starve. It might not be perfect but most people have a roof over their heads and a large percentage have sufficient food. It could be better but we should work to improve it. Are you really sure you care about how many cars, houses, yachts people have? I’ve a roof over my head and sufficient food, anything else would be considered a luxury throughout most of history and personally, apart from a few things I’d not want more. If anarchy ruled we’d all lose by it.

        “Government, law officials and sophisticated criminals are the same; Thinkers, Ambitious, Opportunists. They both hide in plain sight, while covering their ass.”

        Then try voting and getting others to vote for people who would make a difference. The only reason this statement may be true is indifference to politics by the general public. If enough people agreed with you the system could change. In some countries it’s known as democracy.

        I can’t help feeling that most of the people who complain about the possible effects of this event are people who are failures in real life. Their attitude seems to be “We failed, can’t be us, must be the system” If it’s a bad system campaign to change it openly, stop hiding.

        … and I think I managed to write all this politely without stating what I really think of them

  7. joyce

    OMG the smoothest robbery i ever seen, doing by the owner, spanish, costarican and newyorker authority.

  8. Jeffrey Lyon

    Our company conducted a pretty significant amount of business via Liberty Reserve, and it was not illegal. We offer a perfectly legal product. The U.S. (and other) government’s rash and inconsiderate actions shall yet again damage their own economy and impact the livelihoods of law abiding citizens.

    1. Bob "The Geek"

      But mr. Krebs said that Liberty Reserve was used only for child pornography!!! I Trust Brian, probably you are money laundering scammer!!!

    2. Blacklotus beef

      http://mailman.nanog.org/pipermail/nanog/2011-January/030730.html

      In that thread, you acted exactly like a blackhat/bulletproof hoster.

      You lied about nullrouting abusive customers;
      You lied about cutting off customers;
      You lied about your own IP space;
      You threw tantrum after tantrum, just like spammers do.

      I would be surprised if much of your “business” transacted through LR was legitimate.

      1. Jeffrey Lyon

        Your comments are very short sighted and misinformed, which is not surprising when one relies on NANOG for their news.

        1. Blacklotus beef

          You’re like the kid in class who throws something, without breaking eye contact with the teacher, and then claims it was someone else.

        2. Blacklotus beef

          If anyone read the NANOG thread posted above where Mr. Lyon lied about nullrouting abusive customers and behaved very badly, and then determined his ISP (blacklotus.net) to be worth blocking, you can block these netblocks:

          159.35.64.0/18
          192.31.184.0/24
          192.184.8.0/24
          199.59.160.0/21
          199.250.60.0/24
          208.64.120.0/24

    3. Barawic

      I’m intrigued. If the system was dubious what is a legitimate company doing using it? Was there no better, more above board, way of doing your business?

  9. Bob "The Geek"

    Thank you mr. Krebs for closing Liberty Reserve. It’s our victory in cybercriminal war. Now we can celebrate !!! Go GO USA!!!

  10. Cruel

    USA Governmental bodies and authorities are criminals they should be hanged till death.

  11. M U

    Hi

    LR alternative is HD-Money.com Just like LR.

    enjoy

  12. ATM

    Hello LR,pls give me my money ooo… My $1200 is their.

  13. last screw

    I doubt it will hurt cyber crooks seriously, since i doubt they keep most of assets in one place, let alone online, stolen/dirty money, except operational expense one, must be withdrawn and converted into some other assets because of money trail anyways. Thats common sense.

    Now, I invite Brian to remember what happened with shadow crew bust years ago, and how “blow” to cybercrime turned out into something nasty later. This is the same, those guys will just scatter as roaches again and build up way more obscure ways of money flows. I mean now it’s obvious to look @ LR, however after year or so those guys will be so deep into ground, we will only wonder how they funnel stolen money around.

    Also I disagree that LR is mostly crooks, yes, LR gives a lot of juicy pros to crooks, but legitimate stuff is common there too. Question is: who will feast upon LR assets now …

  14. Lotus EQ

    I trust US inefficiency. In all their desirable battle to dislodge cybercriminals, they have only succeeded in making a fool of themselves. I should ask New York how much Ebay is paying to kill this competition (LR)? I should also ask Costa Rica to forget this promise of debt relief, it won’t come.
    Ebay thinks it can make paypal #1 electronic payment system, but it won’t work. Even renting muppet journalists like the writer of this article is a shame. Paypal stole my hard earned money and gave it to US government to cover widening deficit, but it has continued to to widen 4 years after. Ninny heads

  15. Dave

    I have to fall on the side of the “money launderers” on this one.

    These services are bringing down heat on themselves because they are doing the good work of hitting the State (ie, governments in general) right where it hurts the most – their pocketbooks.

    I understand that some of the users are unsavory and criminal, but I have a feeling that these targeted takedowns extend far deeper than that, under the guise of hindering malicious activities.

  16. last screw

    Oh i forgot. People tend to buzz about lost money. Fine, but thats not the main cybercrime related feature here. Well, i will tell you this: the real stuff are years of transaction histories FED’s will have now, it will include cyber crooks, simple crooks, foreign corrupt money laundering officials and god knows what else.
    Thats a little box of pandora. It will probably slowly seep into LE computers for years to come, and possible outcome may scare the … out of lot of special individuals.

  17. jack spisser

    i think it makes sense if lr is down today perfectmoney will be next then shutting down other domains is going to go on untill paypal spreads its dominance which i obviously think its not going to work .i may want my money too but at the end of the day i hope lr comes back . if lr should manager to come back it will gain more fame so if the reports are not true then the us government will be creating more harm than good to themselves.

  18. Slim

    American gov think there are gods but there not.

  19. omg they did it

    I’m with last screw on this

    The real damages aren’t going to be the money, no, not for the crookz, it’s all those times they checked up on their LR accounts without proxies vpns and tor nodes, and whatever stuff they slipped with because they felt safer using LR.

    You can bet your ass certain individuals are making emergency preparations right now 🙂

    And yes, there will be people who are perfectly legit with their LR business, and we’ll have to trust that those not engaged in criminal activities will get their money back.

    I’m also sick of people who are darn well knowing what they are doing (facilitating resources that aid in criminal activities) being painted as humanitarians. They’re controversial at best.

  20. Riku

    I would recommend all ex-Liberty Reserve users to consider Bitcoin. It can’t be shut down, unless they shutdown the whole internet.

  21. Yoin

    We all need to fight this mess!
    U.S should gives innocent LR clients their hard earn
    money back.

  22. shahrose

    I want ma money and ma online hard working business back by spending whole nite which I earned ..

    I am not a cybercrimmer..

    I am just a needy Whom you got in this position to be begger..

    Shame on All of This..

    There should be recovery !!

  23. Barawic

    One question for every one. Could someone explain to me who regulates these systems? At least “legitimate” systems such as paypal have to answer to someone, even if the authorities are not perfect. Given the trouble in the regulated financial systems god knows how these systems work.

  24. michael

    first megaupload, now that will come after Liberty Reserve, AlertPay, solidtruspay? this will create mistrust and nobody will invest in online business

    It is not good for sinners righteous pagen

  25. Simon

    All these comments by these 1337 script kiddies sure does bring down the tone of the comments here, Brian.

    1. BrianKrebs Post author

      Simon, I have better things to do than to moderate comments. I pretty much leave them be as long as they’re not full of profanity or vicious attacks. Believe it or not, I’ve already culled about 60 comments from this thread.

    2. BrianKrebs Post author

      I should also note that this post has been updated to reflect some news about Perfect Money, a competing virtual currency.

      On Saturday, Perfect Money said it would no longer allow new accounts from U.S. citizens or businesses. Pretty hard to see this as anything other than a coordinated effort now.

      https://perfectmoney.com/news_view.html?id=342

  26. uyjulian

    This is why they should have used bitcoins…

  27. Toad

    IF YOU EARNED YOUR MONEY HONESTLY, I suggest you contact your government. Submit some kind of proof that it was not earned running a brothel (funny how people who whine about Liberty never think about the women sold as sex slaves) or otherwise illicitly. Your government can represent your case to the US and it’s likely that your money will be returned. NO ONE in the US government really wants to cause a lot of collateral damage.

    On the other hand, no one on the crime side seems concerned about collateral damage, except as a shield they can cower behind. I’m still waiting for the loudest complainers to submit even a shred of proof that they actually know some poor laborer who lost all his savings.

    And all you Robin Hood wannabes … in your stealing from the “rich” did you actually give any money at all to the dishwashers in SE Asia that you think are so downtrodden? Name one? I didn’t think so. Another excuse to whine.

    1. voksalna

      This is erroneous. Or you should tell this to the many people who’ve lost both money and even server access over the years due to American overzealousness.

      I’d also like to point out that services or money that you can’t access for many months/years depreciates for you.

      But I think you are grossly misrepresenting this in the first place. Or you can show me some instances. I do not think most governments have the time or patience to care about hundreds or thousands of their citizens due to principle of time is money, not to mention 10 or 5 or 1. This is not how government works except in the smallest places. Villages maybe.

      The world is not a village.

      1. TheresMoreToLife

        voksalna, I’ve read all of your comments, and you’ve won me over.

        Seizing everyone’s assets is unjust. Undoubtedly, some innocent customers — BK to name one! — are victims of a much larger abuse; namely, might makes right.

        It’s hard to miss the irony: BK has been urging PayPal to stop taking payments for DDoS attacks, but to avail. Why is it easier to stop “them,” and ignore “us”?

        1. voksalna

          The simplest answer is probably ‘friction’ and uneven distribution of power, probably.

          And thanks. 🙂

    2. Mitchell

      The seizure and closure of Liberty Reserve victimizes 1000’s of honest individuals. Today, in an interview with Leo Kelion of the BBC I explained that most LR account holders are legitimate individuals who rely on alternative services, such as LR, because mainstream services overcharge and are extremely limited in some regions. Those fortunate enough to count on cable television, fiber optic national networks and Starbucks on every corner sometimes have difficulty understanding that alternative services tend to arise from need fulfillment. The consequences of LR’s closure will do little to disrupt criminals. Their ill gotten gains have vanished but so have those of honorable people and herein lies the mistaken notion utilized to justify the seizure. Few Americans use LR nor need to and because of this there will be limited media coverage consequently the true impact will be minimized. Undoubtedly Mr. Krebs is a security expert, however, his comments have painted with a broad stroke and serve to stigmatize because they do not clarify…the vast majority of LR users were not pedophiles, drug kingpins, and malware vendors achieving a guilt by association mind set. Sadly, these aspects are salacious and misrepresentative of the majority of LR account holders and is akin to blaming a woman’s clothes or make-up for being raped, blaming the victim for being a victim. Such is my case. I am the founder of a prepaid debit solution (ePay-cards) which utilized LR to receive funds in exchange for virtual credit cards. This closure represents a loss of $27.5k. Our customers depend on us to provide them a widely acceptable manner of payment allowing them to partake in e commerce. Our concept – provide a prepaid card virtually – enables millions of unbanked individuals throughout LATAM, Asia, and Africa access. Our products are backed by agreements with Banks in Europe and providers such as Visa and MasterCard. We launched in 2011. We were self funded and dedicated, now, it would seem, we are unemployed. Had LR had a strong following in the US would the DOJ have shut them down? NOPE!
      http://www.bbc.co.uk/news/technology-22680297

      1. Harry Johnston

        Mitchell, could you explain what LR did for you that you couldn’t have done for yourself? That is, why is it that your customers could get money to LR but not directly to you?

        This is a genuine question, I’m still unclear as to what it is exactly that apparently made LR so attractive to so many people, apart from the criminal element.

        1. Mitchell

          Reasonable pricing….1% charge compared to almost 4% on PayPal. Instant notification. A very good API system. And most importantly-No Fraud! The Liberty Reserve system did not allow “charge backs”. All transactions were final, therefore, fraudulent claims were non-existent. We attempted to work with PayPal, given their popularity, but found that 4 out of 6 requests were from hacked, phished or stolen accounts. Services the likes of Western Union and MoneyGram, which we currently accept, tend to be too expensive for our typical customers. They also offer very limited “outbound” services from countries other than the US, Canada and Europe.

          1. voksalna

            It seems we are in a similar situation.

            One other thing I do believe non-users of Liberty Reserve have no idea about is the VERY VERY good access control and account security (which is also highly configurable). In fact LR’s account security capabilities actually went far beyond any banking institution available to me or pretty much anybody else out there. I know this because (unlike what people like Toadbrooks may believe) I am actually very well-versed in PCI and banking security, as well as modern malware capabilities.

            Paypal accounts get grabbed by formgrabbers and password savers pretty much immediately. Multi-factor authentication like we had in LR subverted almost all attempts short of phishing (and I would submit that people who would fall for a LR phish, short of actually having ring 0 permissions on the machine accessing LR and manipulating the DNS as a MITM and thus the transactions in real-time, are not very intelligent anyway).

          2. Harry Johnston

            I think you misunderstood my question: I wasn’t asking why you used LR instead of PayPal, I was asking why you need to use a third party at all. That is, if a potential customer can send money to LR, however that worked, why can’t they do the same thing to send money directly to you?

            1. voksalna

              You’re technical so I will just give a short phrase for one reason: “source routing”.

            2. Mitchell

              Harry,

              There are several answers to your question. I shall cover only a few here for the sake of our discussion.
              1. Payment collection, if operated ourselves, would require bank accounts in hundreds of countries. Far too many additional staffers would be required to oversee and administrate such an operation.
              2. The cost and dismay of converting Pulas, Pesos, Colones, Rupees, etc. to dollars would have a direct impact on the cost of the product.
              3. Ultimately, the cost of these operations would be passed on to the price of the product deeming it unobtainable.

              1. Robert

                How can we access profitclicking account?

  28. TaskForce717

    Brian what a record on this one “BRO” . Response comments out of every where . Later . Touched a nerve again . 🙂

Comments are closed.