A Ukrainian man convicted in February of trafficking in stolen username and password credentials was sentenced to four years in federal prison Thursday, the U.S. Department of Justice announced Thursday.
Polish authorities arrested Glib Oleksandr Ivanov-Tolpintsev, 28, on Oct. 3, 2020, and extradited to the U.S. to appear in a Florida courtroom on Sept. 8, 2021. He pleaded guilty to the charges on Feb. 22, 2022.
Ivanov-Tolpinstev allegedly boasted of controlling a botnet that was capable of accessing 2,000 usernames and passwords a day, which then enabled other perpetrators to commit fraud or other crimes such as tax fraud and ransomware, prosecutors said. Between 2017 and 2019 he listed thousands of login credentials for sale on a darkweb marketplace. The scheme netted Ivanov-Tolpinstev roughly $80,000.
A CyberScoop review of court documents released after his extradition revealed that U.S. law enforcement agents gathered details on Ivanov-Tolpinstev’s crimes from apparent messages to vape shops in Ukraine. An IRS affidavit showed that a multiple email addresses associated with Ivanov-Tolpinstev were included in receipts to vape shops, while another email address was used to communicate with a dark web associate based in China.