Sydney Man Convicted of Selling Stolen Netflix Logins Must Now Forfeit Crypto Gains

Sydney Man Convicted of Selling Stolen Netflix Logins Must Now Forfeit Crypto Gains
Image: iStock

A Sydney man who was selling stolen subscription service deets has to now forfeit over $1.66 million in crypto (and some cash) as penance. The 23-year-old was already handed a two year and two months’ sentence back in April for operating the mega illegal service that sold logins and passwords for Netflix and Spotify.

$1.2 million of the to-be forfeited crypto gains is the largest Commonwealth forfeiture of cryptocurrency. It’s being given to the Minister for Home Affairs Karen Andrews, who will now redistribute the funds to support crime prevention, law enforcement and community-safety related initiatives.

“Good work by the AFP has seen a criminal stripped of their ill-gotten gains, and this money redirected to enhancing the safety and security of communities right around Australia,” Andrews said.

“I will continue to fund projects and initiatives that make it harder for criminals to prey on Australians, by using proceeds of crime that are seized from criminals themselves.”

As detailed by the Australian Federal Police, the Sydney man conspired with a man in the United States to steal the credentials and then sold them online at a cheaper rate.

After the offender pleaded guilty to various criminal offences in October 2020, the AFP-led Criminal Assets Confiscation Taskforce (CACT) obtained restraining orders over cryptocurrency plus bank and PayPal accounts held in false names, but suspected to be controlled by the man.

Last week, the Supreme Court of NSW ordered the forfeiture of $1.66 million in cash and crypto to the Commonwealth Confiscated Assets Account.

The investigation actually kicked off in May 2018, after the FBI referred information to the AFP about an account generator website called WickedGen.com. WickedGen operated for approximately two years selling stolen account details for online subscription services, including Netflix, Spotify and Hulu. The account details belonged to unknowing victims in Australia and internationally, including the US.

The AFP said it further identified the Sydney man to be the creator, administrator and primary financial beneficiary of a further three “account generator” websites: HyperGen, Autoflix and AccountBot.

The account details of users in Australia and abroad were confirmed through credential stuffing — which allows a list of previously stolen or leaked usernames, email addresses, and corresponding passwords to be re-used — and sold for unauthorised access.

According to the AFP, across the subscription services, the offender had at least 152,863 registered users and provided at least 85,925 subscriptions to illegally access legitimate streaming services.

The man received more than $680,000 through PayPal, by selling subscriptions through these sites. He converted some of these proceeds into various cryptocurrencies.

The Sydney man, who in April 2021 was handed a two year and two months’ sentence to be served by an intensive corrections order, claimed he had obtained a financial benefit of $500,000 to $1 million from operating the websites.

AFP says many criminals wrongly believe law enforcement could not take away their ill-gotten wealth if it had been converted to cryptocurrency. But during the 2020-21 financial year, the CACT confiscated almost $54 million in assets.