Between 2015 and 2018, Estonian nationals Sergei Potapenko and Ivan Turõgin collected more than $575 million from hundreds of thousands of retail investors worldwide through HashFlare, a cloud mining service that purported to rent them shares of a massive Bitcoin and cryptocurrency mining operation. According to a 2022 DOJ indictment, the underlying hardware performed Bitcoin mining at less than one percent of the computing power HashFlare claimed to have. Customers who tried to withdraw earnings were either stonewalled or paid with cryptocurrency the founders purchased on the open market — not proceeds from any actual mining.
HashFlare launched publicly in April 2015 under the corporate umbrella of HashCoins OÜ, an Estonian technology company the two men controlled. The platform sold contracts denominated in gigahashes or megahashes per second across multiple algorithms: SHA-256 for Bitcoin, Scrypt for Litecoin, and later ETHASH, Dash, and Zcash contracts. A polished web dashboard displayed running earnings figures in real time. Those figures were fabricated. When global Bitcoin prices fell sharply in mid-2018 and maintenance fees began exceeding stated returns, HashFlare announced on July 24, 2018 that it was terminating all SHA-256 Bitcoin contracts, citing a clause that allowed cancellation when daily fees exceeded customer payouts for 28 consecutive days. Customers reported their remaining balances were not refunded; HashFlare had simultaneously introduced new KYC and AML protocols that effectively froze unverified accounts.
Potapenko and Turõgin were arrested in Tallinn on November 20, 2022, in a joint operation by Estonian police and the FBI, and extradited to the United States in 2024. On February 12, 2025, both men pleaded guilty to one count each of conspiracy to commit wire fraud in the US District Court for the Western District of Washington. On August 12, 2025, Judge Robert S. Lasnik sentenced each defendant to time served — 16 months in detention since their 2022 arrest — plus a $25,000 fine and 360 hours of community service. The sentence, far below the 10-year terms prosecutors sought, immediately prompted controversy; the Department of Justice announced it was considering an appeal. As part of their plea agreement, Potapenko and Turõgin agreed to forfeit assets valued at more than $400 million for victim restitution.
The HashFlare case is the largest cloud mining fraud by dollar amount to result in US criminal convictions to date, and the first major instance of the DOJ successfully extraditing European nationals specifically for hashrate contract fraud.
Between April 2014 and December 2019, BitClub Network collected at least $722 million from investors worldwide by selling membership shares in a purported Bitcoin mining pool. The founders, led by Matthew Brent Goettsche, promised that members would receive a proportional share of block rewards from a real Bitcoin mining operation. In reality, the mining dashboard that displayed those earnings was fabricated, and the scheme functioned as a classic Ponzi: new investor money paid existing members, who were further incentivized to recruit additional participants. Five co-conspirators were arrested on December 10, 2019. By June 2026, plea agreements and convictions had been secured for three defendants; Goettsche himself remained in pre-trial status awaiting a scheduled 2026 trial date, and two other co-defendants’ sentencings were pending repeated court delays.
The scheme ran across multiple continents and used polished web dashboards, mining hardware photographs, and the credibility of the Bitcoin mining industry to sustain the illusion. Internal communications produced in court proceedings revealed the operators’ private contempt for their own investors: Silviu Catalin Balaci, the scheme’s technical architect, wrote in messages to Goettsche that they were “building this whole model on the backs of idiots” and described prospective investors as “dumb.” Those communications, disclosed in DOJ filings, became some of the most-cited exhibits in the case’s public record.
The $722 million figure, drawn from the DOJ’s December 2019 indictment for the District of New Jersey, made BitClub Network one of the largest cryptocurrency frauds by dollar amount charged in federal court at the time of arrest. The victims included retail investors across the United States, Europe, Asia, and Latin America who had purchased pool shares expecting passive income from mining operations that were, at best, a fraction of what was represented.
Between approximately May 2014 and January 2015, Homero Joshua Garza, founder and CEO of GAW Miners LLC and its affiliated entities ZenMiner and ZenCloud, defrauded investors of $9.18 million by selling “Hashlets” — virtual cloud mining contracts that he claimed were backed by real computing hardware in his companies’ data centers. The companies sold more hashrate than their infrastructure could deliver, and the contracts were in part fictitious. Garza then compounded the fraud by launching Paycoin, a proprietary cryptocurrency, and publicly promising that he would maintain its price above $20 per unit using a $100 million reserve that did not exist. Paycoin peaked near $16 before collapsing below $2 within weeks. Garza pleaded guilty in April 2017 to one count of wire fraud in the District of Connecticut and was sentenced on September 13, 2018, to 21 months in federal prison, three years of supervised release (the first six months in home confinement), and restitution of $9,182,000. The case is the first major cloud mining fraud prosecution in US history and established that selling cloud mining contracts backed by de minimis or nonexistent hardware constitutes wire fraud.
The dollar losses in the GAW Miners case are modest compared to later cloud mining frauds, but its historical significance exceeds its dollar value. Garza’s prosecution was the first time a US federal court definitively established that fake hashrate contracts are criminally fraudulent, creating the legal precedent that would govern cloud mining enforcement for the following decade. The SEC’s parallel civil action, filed in December 2015, added securities fraud liability on top of the criminal charge, creating a dual-enforcement template that regulators later applied to BitClub Network, Mining Capital Coin, and MiningMax.
From at least January 2018 through 2022, Luiz Carlos Capuci Jr., co-founder and CEO of Mining Capital Coin (MCC), orchestrated a $62 million global investment fraud by selling cloud mining packages that he claimed were backed by an international network of cryptocurrency mining machines. MCC also promoted a proprietary token called Capital Coin, which Capuci described as “stabilized by revenue from the biggest cryptocurrency mining operation in the world.” Neither the mining operation nor the stabilization mechanism existed as represented. Investors who purchased mining packages were told they would receive daily returns of one percent paid weekly; those returns were later converted to Capital Coin, redeemable only through a fake trading platform called Bitchain that Capuci controlled. The DOJ unsealed a criminal indictment on May 5, 2022, charging Capuci with conspiracy to commit wire fraud, conspiracy to commit securities fraud, and conspiracy to commit international money laundering. Capuci, believed to be in Brazil as of the indictment’s unsealing, remains a fugitive. The SEC filed a parallel civil action. As of the filing date, criminal proceedings remain pending, and an SEC civil trial was scheduled for 2025 in the Southern District of Florida.
The MCC case illustrates the replication of a fraud template across a new generation of cloud mining operators. The structural elements — fake mining infrastructure, a fabricated proprietary token, a captive redemption platform, and an MLM recruitment layer — reproduced, at smaller scale, the architecture previously used in BitClub Network and HashFlare, with additional complexity provided by the locked redemption mechanism that prevented investors from liquidating their Capital Coin holdings on any independent market.
Between September 2016 and October 2017, MiningMax LLC solicited approximately 270 billion Korean won — equivalent to $250 million — from roughly 18,000 investors across 54 countries by selling access to Ethereum mining rigs and pool contracts that promised monthly returns of $800 to $1,200 per machine. The company, registered in Las Vegas but operated primarily by South Korean nationals, ran a seven-tier multi-level marketing structure in which investors were rewarded for recruiting additional participants. Of the $250 million collected, roughly $80 million was actually spent on mining hardware; approximately $110 million was diverted to offshore accounts controlled by the scheme’s organizers. The chairman identified in South Korean prosecutions as Daniel Park (Nam Ho Park) and several other top executives fled South Korea and were placed on Interpol’s wanted list. By December 2017, South Korean prosecutors had indicted 21 individuals and arrested 14 on charges of fraud and violations of the country’s door-to-door sales laws. California’s Department of Financial Protection and Innovation issued a desist-and-refrain order against MiningMax in 2020. As of the filing date, the chairman and vice chairman remain fugitives; the 14 individuals arrested in South Korea faced prosecution there.
The MiningMax scheme is distinguished by its geographic scale — 54 countries affected, including approximately 2,600 US investors — and by the sophistication of its cover story. Unlike some cloud mining frauds that sold entirely nonexistent hardware, MiningMax actually purchased mining equipment and operated it at a fraction of the scale it represented. This partial reality — real machines, real hashing, inadequate returns, fabricated performance figures — made the fraud harder to detect at the individual investor level and illustrated how a cloud mining scheme can operate with genuine physical infrastructure while still being systematically fraudulent in its representations to investors.
HashBX Global Co., Ltd., a Bangkok-based cloud mining platform founded in 2016 by Wanchaleom Langkaweekate, collected funds from Thai retail investors by renting purported Bitcoin hashrate and promising returns of two to thirty percent daily. The platform presented itself as Thailand’s first domestically operated cloud mining service, claiming a two-megawatt facility running Antminer S9 rigs in partnership with Bitmain’s Antpool. Beginning in August 2018, the company progressively restricted investor withdrawals; by March 2019, a documented victim group had filed police complaints claiming losses totaling 52.4 million baht. Thailand’s Securities and Exchange Commission issued a public warning stating that HashBX had not obtained Ministry of Finance approval to operate a digital asset business and had not filed an initial coin offering application as required by Thai law. Broader estimates of total losses across the investor base reached approximately 38 million US dollars, though no aggregated verified figure from a court proceeding exists. Langkaweekate and associated operators were not arrested as of the date of this filing. The company’s website domain remained accessible but the operation ceased paying investors.
HashBX launched at the end of 2016 when Thailand had no specific digital asset regulatory framework and cloud mining occupied a legal grey zone that Thai authorities were only beginning to define. The platform’s founder openly acknowledged — in an interview with Siam Blockchain at the time of launch — that he had personally lost money to fraudulent cloud mining sites before establishing HashBX, framing his venture as a transparent and verifiable alternative. The 2-megawatt facility claim, the Antpool partnership, and the offer of physical tours to Bangkok investors all served as credibility markers in a market where verifiable operations were rare. Minimum investments began at 380 baht, deliberately set within reach of retail savers.
The collapse followed the pattern common to cloud mining frauds during the 2018 Bitcoin bear market. When Bitcoin prices fell from their late-2017 peak, the revenue from any genuine mining could no longer sustain the promised daily return rates. Withdrawal conditions appeared, then multiplied. An investor who had deposited thirty million baht reported receiving cumulative returns of only thirty thousand to one hundred thousand baht. A lawyer representing seven initial complainants filed formal reports with the Metropolitan Police Bureau in March 2019; a second victim group joined the complaint soon after. The Thai SEC’s public notice — citing the absence of any Ministry of Finance license — formally confirmed the company’s unlicensed status, but no criminal prosecution was confirmed as of the date of this filing.
Laser Online (laser.online) was a high-yield investment program that ran for approximately four months in mid-2017, collecting cryptocurrency deposits from retail investors worldwide by promising 144 percent returns in twelve business days. The platform claimed to generate those returns through a combination of cloud mining infrastructure and cryptocurrency trading. It paid early investors with the funds of later ones, sustained the illusion of profitability during a period of rising Bitcoin prices, and then stopped all payouts in November 2017. By December 2017, the website had removed its YouTube channel, Twitter account, and Facebook presence. The operator identified on the website as CEO — “Antonio Garley” — was subsequently identified by investigators as a pseudonym used by someone believed to be “Bodi Klamph,” a Canadian-based individual, though no arrest or prosecution followed. Verified deposited funds at the scheme’s height reached approximately 63 million US dollars; broader estimates of total losses circulated in investor community reporting range significantly higher, and the $213 million figure cited in some aggregated fraud databases has not been confirmed by any court filing, regulatory finding, or blockchain analytics report. No operator has been charged or arrested as of the date of this filing.
Laser Online launched in the summer of 2017 with a domain registered on October 23, 2016, and a Facebook profile created on July 8, 2017. The timing was deliberate: Bitcoin had risen from under $1,000 in January 2017 to over $4,000 by August, and the pool of retail investors seeking cryptocurrency yield opportunities was expanding rapidly. The platform attracted participants across Asia, with particular concentration in the Philippines and Southeast Asia based on the demographic profile of victim accounts documented by HYIP tracking communities, though it also collected funds globally via cryptocurrency deposit. The platform’s pitch — that a 144% return cycle could be sustained through mining hardware operating at industrial scale — was not examined critically by investors experiencing a market in which cryptocurrency prices themselves were delivering extraordinary returns in the same period.
The collapse was abrupt and total. In September 2017, the platform began experiencing withdrawal processing issues. By November 13, 2017, all payouts had ceased. Within weeks the social media infrastructure was dismantled. No refund mechanism was announced. No court, regulator, or law enforcement agency has since publicly named, charged, or arrested any individual for operating Laser Online.
MiningCity (miningcity.com) was a global Bitcoin cloud mining scheme operated primarily by Grzegorz Rogowski — publicly presented as “Gregory Rogowski” or “Greg Strong” — and backed by Eyal Avramovich, who owned both MiningCity’s parent company Prophetek Ltd. and MineBest, the Warsaw-based mining firm that provided the infrastructure narrative. Launched in mid-2019, MiningCity sold 1,100-day hashrate contracts denominated in Bitcoin and, from late 2019, in Bitcoin Vault (BTCV), a proprietary token created by MineBest. The scheme raised an estimated $300 million from investors concentrated in Japan, South Korea, Vietnam, and the Philippines, plus a substantial European and Latin American base. It paid returns using new investor funds rather than genuine mining proceeds and collapsed in late 2022 when withdrawal access was restricted and then effectively eliminated, leaving investors with illiquid BTCV tokens on a platform called iMine that Avramovich subsequently merged with the remnants of the MiningCity operation. Multiple securities regulators — including those of the Philippines, the United Kingdom, Canada, Cyprus, South Africa, and Poland — issued formal fraud warnings between 2020 and 2024. As of the date of this filing, Rogowski is believed to have relocated from Poland to Dubai; Avramovich’s whereabouts are similarly uncertain. No confirmed US court filing or criminal indictment against MiningCity, Rogowski, or Avramovich has been located in public records, though the scheme’s scale and multi-jurisdictional regulatory findings place it among the largest cloud mining MLM frauds of the 2019–2022 period. The Status designation of Arrested reflects the ROSTER’s classification based on information available at the time of compilation; no specific arrest event has been independently confirmed in the public record as of the date of this filing.
The scheme differentiated itself from straightforward cloud mining contract frauds by embedding a multi-level marketing compensation structure that made investors into recruiters and created powerful social incentives to bring in new participants and suppress internal dissent. Unlike HashFlare or BitClub Network, which sold contracts to passive investors, MiningCity built a sales organisation of participants who earned commissions on their recruits’ investments — converting every investor into a potential promoter whose financial interest was aligned with growing the pool of new depositors.
CryptoMining.Farm, operated through Lifetime Technology Co. Ltd. and linked to Bangkok businessman Pimongkol Tawpibarn, ran a Bitcoin cloud mining service from at least 2014 until mid-2018, when it began systematically blocking customer withdrawals. By February 2019, thirty victims had filed formal complaints with Thailand’s Technology Crime Suppression Division, alleging combined losses of approximately 42 million Thai baht ($1.34 million at prevailing exchange rates). Thai authorities estimated the platform had attracted around 140 investors in total. Tawpibarn was publicly identified in police complaints but no criminal conviction has been confirmed in the available record.
The platform promised a guaranteed annual return of 70 percent — an implausible figure for any real mining operation — across a tiered contract menu that ranged from three-month agreements to open-ended “lifetime” contracts. Investors were explicitly told they could withdraw their principal and returns at any time, without conditions. The no-conditions clause was a core selling point, and its subsequent reversal became the central grievance of every victim who filed a complaint.
From August 2018 onward, Tawpibarn began imposing new withdrawal requirements that had no basis in the original contract terms. In early February 2019, the platform announced it would repay investors in 84 equal instalments over more than seven years, and that repayments would be made in an unnamed foreign currency — a mechanism that would have been illegal under Thai monetary law regardless of whether payments actually materialized. The announcement functioned as a de facto closure, and the site subsequently ceased responsive operation. Complaints were lodged with the Technology Crime Suppression Division on February 17, 2019.
The documented loss figure of $1.34 million reflects only the 30 formal complainants. The wider investor pool, estimated at 140 by Thai police, would imply higher aggregate losses, but no independent audit, court filing, or blockchain analysis report has established a verified total. Claims of losses in the $100 million range, which circulated in victim community forums, are not supported by any primary source identified in this filing. This dossier uses the figure established by formal police records: 42 million baht from 30 documented complainants, with the broader investor impact described as estimated.
VBit Technologies Corp., a South Philadelphia-based company founded in 2018 by Danh C. Vo, raised more than $95.6 million from approximately 6,400 investors across the United States by selling “hosting agreements” that promised customers passive income from Bitcoin mining machines Vo claimed to purchase, house, and operate on their behalf. Between December 2020 and November 2021, Vo transferred approximately $48.5 million of investor funds to personal accounts, distributed millions to family members, and lost an estimated $32 million gambling on other cryptocurrency positions. Vo left the United States in November 2021 after learning of a federal investigation and was believed to be in Vietnam as of the SEC’s December 2025 complaint. He had not retained legal representation as of publication. The SEC filed suit in the U.S. District Court for the District of Delaware on December 17, 2025.
VBit sold its hosting agreements as a largely hands-off investment: customers paid upfront for a mining machine that Vo promised to procure, maintain, and connect to favorable low-cost electricity. In practice, VBit operated a fraction of the rigs its contracts implied. In 2020, the company sold agreements covering 3,325 machines while running approximately 920. By 2021, VBit had sold contracts for nearly 8,500 rigs while operating fewer than 1,700. The online investor portal that displayed customer mining earnings and account balances showed figures the SEC alleges were fabricated — hypothetical returns unrelated to any actual Bitcoin production. The Bitcoin that VBit’s machines did mine went exclusively to accounts Vo controlled.
VBit ceased operations in 2022. The investor portal eventually went offline. Customers who had paid sums as high as $100,000 for individual hosting packages had no means of verifying whether their machines had ever been purchased or switched on. No criminal indictment had been returned as of this filing, but the SEC’s civil complaint described a scheme whose factual pattern — inventory fabrication, portal manipulation, self-dealing at scale, and flight — is consistent with the wire fraud and securities fraud charges brought in contemporaneous cloud mining cases.
The case is notable for two regulatory developments that extend beyond the immediate investor harm. The SEC’s complaint explicitly characterizes third-party Bitcoin mining hosting agreements — long treated as service contracts outside the securities framework — as securities offerings subject to registration and anti-fraud provisions. That characterization, if upheld by the Delaware court, would significantly expand the regulatory reach over an industry that has used the service-contract framing as a persistent regulatory shield.
Geosyn Mining, LLC, a Fort Worth, Texas-based company founded by Caleb Ward, raised more than $4.5 million from dozens of investors across the United States between November 2021 and January 2023 by selling hosting contracts for Bitcoin mining machines that the company either never purchased, never powered on, or misrepresented as belonging to individual customers. Ward promised investors low-cost electricity at 4.5 cents per kilowatt-hour, told them their machines were operational and actively mining, and sent photographs of hardware that belonged to other customers as proof of delivery. The company’s co-founders and sales leadership redirected tens of thousands of dollars of investor funds to personal expenses including nightclub bills, luxury watches, and firearms. Ward was convicted on November 20, 2025, by a federal jury in Fort Worth on one count of conspiracy to commit wire fraud and three counts of wire fraud. His sentencing was scheduled for March 12, 2026, with a maximum exposure of 20 years per count. Co-founders Jeremy McNutt and Jared McNutt entered plea agreements.
Geosyn operated during one of the most active periods for retail participation in Bitcoin mining hosting: the 2021–2022 bull market, when Bitcoin prices peaked above $60,000 and the economics of small-scale hosted mining appeared attractive to individual investors. The company targeted clients nationwide through direct outreach and referral, describing itself as a turnkey solution for investors who wanted mining exposure without the technical demands of self-hosted hardware. The SEC charged Geosyn, Ward, and Jeremy McNutt in April 2024, and Ward was separately indicted in May 2024 by the U.S. Attorney’s Office for the Northern District of Texas.
The scheme combined inventory fraud — selling contracts for machines that were never acquired — with a Ponzi payment structure, in which earlier investors received distributions sourced from newer investors’ capital rather than actual mining proceeds. The combination of fake hardware and recycled investor funds sustained the scheme for approximately 14 months before investor complaints forced it into collapse.
The Geosyn conviction is one of a cluster of mid-scale US cloud mining prosecutions following BitClub Network and HashFlare, demonstrating that DOJ and SEC have embedded mining fraud within their standard enforcement framework regardless of dollar amount.
On June 11, 2024, law enforcement agencies from Germany, Switzerland, Austria, Czechia, Lithuania, and Liechtenstein — coordinated by Eurojust and supported by Europol — arrested six individuals and executed 29 search warrants in connection with a multi-country cryptocurrency machine leasing pyramid that caused losses of up to EUR 113 million to thousands of victims across Europe. The organised crime group had operated a scheme based on the leasing and subleasing of cryptocurrency machines, including mining hardware and crypto exchange kiosks, promising investors returns of 70 percent before tax. The central fraud was that the leased equipment and systems that investors paid for did not exist. The scheme’s revenue for earlier participants came not from any actual equipment output but from the investment funds of newer entrants — a structure that Eurojust’s press release explicitly characterised as pyramidal.
The operation was led by German and Swiss prosecutorial authorities, who established a joint investigation team (JIT) with Eurojust support. Two coordination meetings at Eurojust preceded the June 11 action day, at which more than 280 officers participated across the six participating countries. Assets belonging to the suspects were frozen on the action day. The platform name and suspect identities were not disclosed in the Eurojust press release; operator names and charges had not entered public court record as of this filing.
The EUR 113 million loss figure places this scheme among the largest documented cloud mining and crypto machine fraud cases in European history — comparable in scale to multinational cases like MiningCity, which raised approximately $300 million globally before SEC charges in 2022, but within a specifically European jurisdictional footprint. The joint investigation team structure and the Eurojust coordination model employed in this case have become the standard architecture for European crypto fraud enforcement, with this action representing one of its largest single-day results.
The case illustrates how the structural template of cloud mining fraud — phantom hardware, guaranteed returns, subleasing layers — was adapted into a multi-country European operation targeting retail investors who believed they were acquiring stakes in physical crypto infrastructure.
Between April 2018 and at least December 2022, Utah-based Green United LLC and its two principals — founder Wright W. Thurston and lead promoter Kristoffer A. Krohn — raised at least $18 million from retail investors by selling devices they called “Green Boxes” and accompanying software subscriptions called “Green Nodes.” Investors were told the hardware would mine a proprietary cryptocurrency called GREEN on a purpose-built “Green Blockchain,” with GREEN’s value expected to increase as the company developed what it described as a public global decentralized power grid. None of that infrastructure existed. According to a complaint filed by the Securities and Exchange Commission in the District of Utah on March 3, 2023, the Green Boxes were commercially available S9 Antminers that Thurston purchased and used to mine Bitcoin for his own benefit; the bitcoin produced was never distributed to investors. The GREEN token itself was not created until several months after sales began, and the returns investors received came from pre-mined token distributions staged by Thurston to simulate active mining.
Green United deployed a multilevel marketing structure in which Krohn and affiliated promoters earned commissions for recruiting new buyers. Investors were promised monthly returns of forty to fifty percent, framed as proceeds from an active mining operation. No secondary market for GREEN tokens existed for more than two years after sales began; when one eventually formed, the token traded at a fraction of its promoted value. Apparent positive performance among early recipients suppressed skepticism and kept new capital entering through 2022.
The SEC filed its civil complaint on March 3, 2023, charging the defendants with selling unregistered securities under Sections 5(a) and 5(c) of the Securities Act and with fraud under Section 17(a) and Exchange Act Section 10(b)/Rule 10b-5. After defendants moved to dismiss, Judge Ann Marie McIff Allen ruled on September 23, 2024 that Green Boxes were sufficiently alleged to be investment contracts under Howey and that the fraud claims would proceed to trial. As of this dossier’s filing date, no trial date has been set and no criminal charges have been filed.
Between June 2017 and at least March 2022, siblings John Albert Loar Barksdale and JonAtina (Tina) Barksdale raised more than $124 million from thousands of retail investors worldwide by selling a cryptocurrency token called Ormeus Coin on the false claim that it was secured by one of the largest and most profitable bitcoin mining operations in the world. According to a Securities and Exchange Commission complaint filed in March 2022 and a simultaneously unsealed criminal indictment against John Barksdale in the Southern District of New York, neither claim was true: Ormeus Coin’s mining operation generated less than $3 million in total revenue across its entire lifespan and was abandoned in 2019.
The scheme operated through two vehicles. The first was Ormeus Global, a multi-level marketing organization through which investors purchased enrollment packages — priced up to thousands of dollars — that included Ormeus Coin and access to a purported crypto trading program. The second was a series of public ORME token offerings. Across both channels, the Barksdales sustained the fiction of a $250 million mining operation generating $5–8 million per month in revenue. To make the fiction concrete, they published a wallet address on the Ormeus Coin website appearing to hold more than $190 million in crypto assets. That wallet belonged to an unrelated third party; Ormeus wallets held less than $500,000.
The SEC filed civil fraud charges against both Barksdales on March 8, 2022; the DOJ simultaneously unsealed a criminal indictment against John Barksdale in the SDNY on four counts — securities fraud, conspiracy to commit securities fraud, wire fraud, and conspiracy to commit wire fraud — carrying a combined statutory maximum of 65 years. John Barksdale had been arrested by Thai authorities before the US charges were unsealed but escaped to Dubai before extradition could be completed and remains a wanted fugitive. On March 15, 2023, the SDNY entered a final civil judgment of approximately $82 million against both Barksdales, including disgorgement, prejudgment interest, and civil penalties. John Barksdale faces a separate criminal judgment of approximately $79 million.
From at least May 2018 through July 2021, Joy I. Kovar and her son Brent C. Kovar operated Profit Connect Wealth Services, Inc., a Las Vegas-based company that raised at least $12 million from more than 277 retail investors — and, by the time criminal charges were filed in February 2025, a documented total of approximately $24 million from at least 400 investors — by falsely claiming that an artificial intelligence supercomputer was generating extraordinary returns through cryptocurrency mining and securities trading. No functional supercomputer existed. No cryptocurrency mining operation backed the promised returns. More than ninety percent of Profit Connect’s revenue came directly from investor deposits, which were used to pay earlier investors, fund Kovar family expenses, and support Brent Kovar’s personal lifestyle — a Ponzi structure running without any productive underlying activity.
Profit Connect marketed its product as an investment in the output of a proprietary AI-powered supercomputer that, the Kovars claimed, could consistently generate fixed annual returns of between fifteen and thirty percent, with monthly compounding and a one-hundred-percent money-back guarantee. These promises were delivered through in-person seminars, online presentations, and direct investor solicitation across a network concentrated in Nevada but reaching investors nationally. Investors who joined early and received distributions could have been paid only with capital collected from later arrivals, not with any trading or mining proceeds.
On July 8, 2021, the Securities and Exchange Commission filed an emergency action in the US District Court for the District of Nevada and obtained a temporary restraining order and asset freeze against Profit Connect Wealth Services, Joy Kovar, and Brent Kovar. The court granted emergency relief on July 14, 2021, halting all operations. The SEC’s complaint charged the defendants with violating the antifraud provisions of the Securities Act and the Exchange Act through a fraudulent unregistered securities offering. A federal grand jury subsequently indicted Brent Kovar on February 13, 2025 on twelve counts of wire fraud, three counts of mail fraud, and three counts of money laundering, with the scheme’s total documented investor losses recalibrated at approximately $24 million. A jury trial was scheduled to begin April 8, 2025 in the District of Nevada before United States District Judge Jennifer A. Dorsey. As of the date of this dossier, Brent Kovar’s criminal case status remains pending.