Marc Merrill, the cofounder of Riot Games, was the victim of a massive fraud that started in November 2014, when his American Express credit card information was used to buy up cloud computing power from Amazon, Google and others, according to a just-unsealed court filing discovered by Forbes . The man accused of stealing Merrill's identity, Singaporian national Matthew Ho, was said by investigators to have used those Amazon and Google servers to mine various cryptocurrencies, including Bitcoin and Ether. Before it was eventually noticed in January 2018, Ho had racked up bills totalling $5 million with Jeff Bezos' tech giant, according to the government's allegations. At least one payment of that bill, for $135,000, was made on Merrill's Amex card in December 2017. (Court documents didn’t clarify whether the full $5 million bill had been paid, though the DOJ did say “some” were). The same card had been used to pay for Riot Games' actual Amazon Web Services cloud computing products.
Thought the charges against Ho were revealed by the Department of Justice in October, the victim - Merrill - had not previously been revealed. Neither Merrill nor Riot Games had responded to requests for comment at the time of publication. It's unclear how his personal information and credit card data were pilfered.
Bitcoin Closing Prices from Oct 11, 2019 to Nov 07, 2019
Forbes Media / CoinMarketCap.com Ho tricked Amazon into believing he was Merrill, who co-created the massively popular, $20 billion-making League of Legends title , in various ways, as per a search warrant for the accused's Facebook account. He'd created a fake Californian driving license that carried Merrill's name and used an email address that appeared to be a legitimate Gmail for the Riot Games co-chairman, according to the court filing. For further "proof" of identity, he presented Amazon with one of Merrill's real home addresses, the feds said.
Because Merrill was an established Amazon customer, Ho was given "access to substantially elevated levels of cloud computer services," investigators wrote, though didn't disclose exactly what those priveleges were.
Ho used the same Gmail address - [email protected] - to contact Google and sign up to its cloud services, which he would again use for mining cryptocurrency, according to the search warrant. A total of 16 separate payments were made by the fraudster to Google on Merrill's Amex card, which he shared with his wife, authorities said, charging a total of $240,000. But "nearly all" of that was returned to the account or declined by the issuing bank.
Neither Amazon nor Google had responded to a request for comment at the time of publication.
Once he'd mined cryptocurrency, Ho sold it on localbitcoins.net. But eventually, thanks to data like IP addresses and login information provided by Amazon, Google, Facebook and others, police were able to pin down Ho as the chief suspect. He was arrested by Singapore Police Force on September 26 and is being investigated for various alleged offenses committed under Singapore law. A 14-count indictment was unsealed in the U.S. last month, which detailed other victims, including an unnamed Texas resident and an Indian tech company founder. But the defendant does not yet have counsel in the U.S. It's possible he could be forced to face charges in the U.S., as America has an extradition treaty with Singapore.
He remains innocent until proven guilty....