by T. GormanPosted on Posted in SECActions

Crypto currency is one of the hottest topics in the tech and investment world. The same is true of cyber security – it is one of the most talked about subjects in tech and, in addition, compliance. tThe Manhattan USAO’s latest case merges the two into the factual predicate for a securities fraud action. U.S. v. Montroll, No. 1:18-mj-1372 (S.D.N.Y.).

Defendant Jon Montroll was the operator of WeExchange Australia, Pty, Ltd. and BitFunder.com The former was a bitcoin depository and currency exchange service. The latter facilitated transactions in virtual shares of entities that listed on BitFunder.

Over a period of seven month beginning in December 2012 Mr. Montroll misappropriated a portion of investor bitcoins on the WeExchange. Subsequently, in July 2013 he began promoting Likyo.Loan, a security that Mr. Montroll urged investors to view as “a sort of round-about investment” in BitFunder and WeExchange, as well as a loan. The interests could also be redeemed at face value.

Hackers penetrated BitFunder’s programing code during the summer of 2013. The hackers caused the program to credit their accounts. Following the hack Mr. Montroll did not have the bitcoins necessary to cover those owed to users. Mr. Montroll did not disclose the hack to investors. Rather, he continued to promote Likyo.Loan, telling at least one investor that it was a commercial success – an incorrect statement.

Subsequently, the SEC opened an investigation. During testimony Mr. Montroll displayed a screen shot that supposedly documented the total number of bitcoins available to BitFunder users in the WeExchange Wallet as of October 13, 2013. The representations in the screen shot were false. During the testimony that followed Mr. Montroll falsified the details of the hack.

Mr. Montroll pleaded guilty this week to one count of securities fraud and one count of obstruction of justice. The date for sentencing has not been set. See also SEC v. Montroll, Civil Action No. 1:18-cv-01582 (S.D.N.Y. Filed Feb. 21, 2018).

Tagged with: , ,

by T. GormanPosted on Posted in SECActions

Cyber security is a topic which is front and center, not just as a compliance issue but for being prepared to manage a hack and the multiple issues such an event creates. The huge hack at Equifax, Inc. is a prime example. There, in the summer of 2017, the personal information of about 145,000 customers was compromised, presenting the firm with significant issues. One of those issues was insider trading. U.S. v. Bonthu, No. 11-cr-00237 (N.D. Ga. Filed June 28, 2018).

Sudhakar Reddy Bonthu was a software development manager and a member of Equifax’s Global Consumer Services team. In the summer of 2017 the manager was given information regarding the massive breach by his employer, although he was not specifically told about the hack. Indeed, the firm took steps to cabin that information. On August 25, 2017, however, Mr. Bonthu was told that the target date for publically announcing what happened was September 6, 2017.

Through his position at the firm Mr. Bonthu learned other information about the breach. By the end of August 2017, for example, he understood that the personal information of numerous customers had been compromised. Specifically, he learned that the names and social security numbers for at least 100 million customers had been compromised. He also received a work related email about the breach with a file attached titled “EFXDatabreach.postman_collection.” EFX is the ticker symbol for Equifax stock.

On September 1, 2017 Mr. Bonthu purchased 86 put options in Equifax stock. The expiration date was September 15, 2017. His employer announced the data breach six days later on September 7, 2017. The share price of Equifax stock fell the next day. Mr. Bonthu was able to exercise his put options, realizing a profit of more than $75,000.

This week Mr. Bonthu pleaded guilty to insider trading charges. Sentencing is scheduled for October 18, 2018. See also SEC v. Bonthu, (N.D. Ga. Filed June 28, 2018).

Tagged with: , ,