Between 2015 and 2018, Estonian nationals Sergei Potapenko and Ivan Turõgin collected more than $575 million from hundreds of thousands of retail investors worldwide through HashFlare, a cloud mining service that purported to rent them shares of a massive Bitcoin and cryptocurrency mining operation. According to a 2022 DOJ indictment, the underlying hardware performed Bitcoin mining at less than one percent of the computing power HashFlare claimed to have. Customers who tried to withdraw earnings were either stonewalled or paid with cryptocurrency the founders purchased on the open market — not proceeds from any actual mining.
HashFlare launched publicly in April 2015 under the corporate umbrella of HashCoins OÜ, an Estonian technology company the two men controlled. The platform sold contracts denominated in gigahashes or megahashes per second across multiple algorithms: SHA-256 for Bitcoin, Scrypt for Litecoin, and later ETHASH, Dash, and Zcash contracts. A polished web dashboard displayed running earnings figures in real time. Those figures were fabricated. When global Bitcoin prices fell sharply in mid-2018 and maintenance fees began exceeding stated returns, HashFlare announced on July 24, 2018 that it was terminating all SHA-256 Bitcoin contracts, citing a clause that allowed cancellation when daily fees exceeded customer payouts for 28 consecutive days. Customers reported their remaining balances were not refunded; HashFlare had simultaneously introduced new KYC and AML protocols that effectively froze unverified accounts.
Potapenko and Turõgin were arrested in Tallinn on November 20, 2022, in a joint operation by Estonian police and the FBI, and extradited to the United States in 2024. On February 12, 2025, both men pleaded guilty to one count each of conspiracy to commit wire fraud in the US District Court for the Western District of Washington. On August 12, 2025, Judge Robert S. Lasnik sentenced each defendant to time served — 16 months in detention since their 2022 arrest — plus a $25,000 fine and 360 hours of community service. The sentence, far below the 10-year terms prosecutors sought, immediately prompted controversy; the Department of Justice announced it was considering an appeal. As part of their plea agreement, Potapenko and Turõgin agreed to forfeit assets valued at more than $400 million for victim restitution.
The HashFlare case is the largest cloud mining fraud by dollar amount to result in US criminal convictions to date, and the first major instance of the DOJ successfully extraditing European nationals specifically for hashrate contract fraud.
From at least January 2018 through 2022, Luiz Carlos Capuci Jr., co-founder and CEO of Mining Capital Coin (MCC), orchestrated a $62 million global investment fraud by selling cloud mining packages that he claimed were backed by an international network of cryptocurrency mining machines. MCC also promoted a proprietary token called Capital Coin, which Capuci described as “stabilized by revenue from the biggest cryptocurrency mining operation in the world.” Neither the mining operation nor the stabilization mechanism existed as represented. Investors who purchased mining packages were told they would receive daily returns of one percent paid weekly; those returns were later converted to Capital Coin, redeemable only through a fake trading platform called Bitchain that Capuci controlled. The DOJ unsealed a criminal indictment on May 5, 2022, charging Capuci with conspiracy to commit wire fraud, conspiracy to commit securities fraud, and conspiracy to commit international money laundering. Capuci, believed to be in Brazil as of the indictment’s unsealing, remains a fugitive. The SEC filed a parallel civil action. As of the filing date, criminal proceedings remain pending, and an SEC civil trial was scheduled for 2025 in the Southern District of Florida.
The MCC case illustrates the replication of a fraud template across a new generation of cloud mining operators. The structural elements — fake mining infrastructure, a fabricated proprietary token, a captive redemption platform, and an MLM recruitment layer — reproduced, at smaller scale, the architecture previously used in BitClub Network and HashFlare, with additional complexity provided by the locked redemption mechanism that prevented investors from liquidating their Capital Coin holdings on any independent market.
MiningCity (miningcity.com) was a global Bitcoin cloud mining scheme operated primarily by Grzegorz Rogowski — publicly presented as “Gregory Rogowski” or “Greg Strong” — and backed by Eyal Avramovich, who owned both MiningCity’s parent company Prophetek Ltd. and MineBest, the Warsaw-based mining firm that provided the infrastructure narrative. Launched in mid-2019, MiningCity sold 1,100-day hashrate contracts denominated in Bitcoin and, from late 2019, in Bitcoin Vault (BTCV), a proprietary token created by MineBest. The scheme raised an estimated $300 million from investors concentrated in Japan, South Korea, Vietnam, and the Philippines, plus a substantial European and Latin American base. It paid returns using new investor funds rather than genuine mining proceeds and collapsed in late 2022 when withdrawal access was restricted and then effectively eliminated, leaving investors with illiquid BTCV tokens on a platform called iMine that Avramovich subsequently merged with the remnants of the MiningCity operation. Multiple securities regulators — including those of the Philippines, the United Kingdom, Canada, Cyprus, South Africa, and Poland — issued formal fraud warnings between 2020 and 2024. As of the date of this filing, Rogowski is believed to have relocated from Poland to Dubai; Avramovich’s whereabouts are similarly uncertain. No confirmed US court filing or criminal indictment against MiningCity, Rogowski, or Avramovich has been located in public records, though the scheme’s scale and multi-jurisdictional regulatory findings place it among the largest cloud mining MLM frauds of the 2019–2022 period. The Status designation of Arrested reflects the ROSTER’s classification based on information available at the time of compilation; no specific arrest event has been independently confirmed in the public record as of the date of this filing.
The scheme differentiated itself from straightforward cloud mining contract frauds by embedding a multi-level marketing compensation structure that made investors into recruiters and created powerful social incentives to bring in new participants and suppress internal dissent. Unlike HashFlare or BitClub Network, which sold contracts to passive investors, MiningCity built a sales organisation of participants who earned commissions on their recruits’ investments — converting every investor into a potential promoter whose financial interest was aligned with growing the pool of new depositors.