HashFlare — Estonian Duo Sold $575 Million in Cloud Mining That Barely Existed

Between 2015 and 2018, Estonian nationals Sergei Potapenko and Ivan Turõgin collected more than $575 million from hundreds of thousands of retail investors worldwide through HashFlare, a cloud mining service that purported to rent them shares of a massive Bitcoin and cryptocurrency mining operation. According to a 2022 DOJ indictment, the underlying hardware performed Bitcoin mining at less than one percent of the computing power HashFlare claimed to have. Customers who tried to withdraw earnings were either stonewalled or paid with cryptocurrency the founders purchased on the open market — not proceeds from any actual mining.

HashFlare launched publicly in April 2015 under the corporate umbrella of HashCoins OÜ, an Estonian technology company the two men controlled. The platform sold contracts denominated in gigahashes or megahashes per second across multiple algorithms: SHA-256 for Bitcoin, Scrypt for Litecoin, and later ETHASH, Dash, and Zcash contracts. A polished web dashboard displayed running earnings figures in real time. Those figures were fabricated. When global Bitcoin prices fell sharply in mid-2018 and maintenance fees began exceeding stated returns, HashFlare announced on July 24, 2018 that it was terminating all SHA-256 Bitcoin contracts, citing a clause that allowed cancellation when daily fees exceeded customer payouts for 28 consecutive days. Customers reported their remaining balances were not refunded; HashFlare had simultaneously introduced new KYC and AML protocols that effectively froze unverified accounts.

Potapenko and Turõgin were arrested in Tallinn on November 20, 2022, in a joint operation by Estonian police and the FBI, and extradited to the United States in 2024. On February 12, 2025, both men pleaded guilty to one count each of conspiracy to commit wire fraud in the US District Court for the Western District of Washington. On August 12, 2025, Judge Robert S. Lasnik sentenced each defendant to time served — 16 months in detention since their 2022 arrest — plus a $25,000 fine and 360 hours of community service. The sentence, far below the 10-year terms prosecutors sought, immediately prompted controversy; the Department of Justice announced it was considering an appeal. As part of their plea agreement, Potapenko and Turõgin agreed to forfeit assets valued at more than $400 million for victim restitution.

The HashFlare case is the largest cloud mining fraud by dollar amount to result in US criminal convictions to date, and the first major instance of the DOJ successfully extraditing European nationals specifically for hashrate contract fraud.

MiningCity — A Three-Year Bitcoin Mining MLM That Burned Through $300 Million and Vanished Into Dubai

MiningCity (miningcity.com) was a global Bitcoin cloud mining scheme operated primarily by Grzegorz Rogowski — publicly presented as “Gregory Rogowski” or “Greg Strong” — and backed by Eyal Avramovich, who owned both MiningCity’s parent company Prophetek Ltd. and MineBest, the Warsaw-based mining firm that provided the infrastructure narrative. Launched in mid-2019, MiningCity sold 1,100-day hashrate contracts denominated in Bitcoin and, from late 2019, in Bitcoin Vault (BTCV), a proprietary token created by MineBest.

The scheme raised an estimated $300 million from investors concentrated in Japan, South Korea, Vietnam, and the Philippines, plus a substantial European and Latin American base. It paid returns using new investor funds rather than genuine mining proceeds and collapsed in late 2022 when withdrawal access was restricted and then effectively eliminated, leaving investors with illiquid BTCV tokens on a platform called iMine that Avramovich subsequently merged with the remnants of the MiningCity operation.

Multiple securities regulators — including those of the Philippines, the United Kingdom, Canada, Cyprus, South Africa, and Poland — issued formal fraud warnings between 2020 and 2024. As of the date of this filing, Rogowski is believed to have relocated from Poland to Dubai; Avramovich’s whereabouts are similarly uncertain. No confirmed US court filing or criminal indictment against MiningCity, Rogowski, or Avramovich has been located in public records, though the scheme’s scale and multi-jurisdictional regulatory findings place it among the largest cloud mining MLM frauds of the 2019–2022 period. The Status designation of Arrested reflects the ROSTER’s classification based on information available at the time of compilation; no specific arrest event has been independently confirmed in the public record as of the date of this filing.

The scheme differentiated itself from straightforward cloud mining contract frauds by embedding a multi-level marketing compensation structure that made investors into recruiters and created powerful social incentives to bring in new participants and suppress internal dissent. Unlike HashFlare or BitClub Network, which sold contracts to passive investors, MiningCity built a sales organisation of participants who earned commissions on their recruits’ investments — converting every investor into a potential promoter whose financial interest was aligned with growing the pool of new depositors.

VBit Technologies — Philadelphia Mining Host Fabricated 8,400 Rigs and Fled to Vietnam

VBit Technologies Corp., a South Philadelphia-based company founded in 2018 by Danh C. Vo, raised more than $95.6 million from approximately 6,400 investors across the United States by selling “hosting agreements” that promised customers passive income from Bitcoin mining machines Vo claimed to purchase, house, and operate on their behalf. Between December 2020 and November 2021, Vo transferred approximately $48.5 million of investor funds to personal accounts, distributed millions to family members, and lost an estimated $32 million gambling on other cryptocurrency positions. Vo left the United States in November 2021 after learning of a federal investigation and was believed to be in Vietnam as of the SEC’s December 2025 complaint. He had not retained legal representation as of publication. The SEC filed suit in the U.S. District Court for the District of Delaware on December 17, 2025.

VBit sold its hosting agreements as a largely hands-off investment: customers paid upfront for a mining machine that Vo promised to procure, maintain, and connect to favorable low-cost electricity. In practice, VBit operated a fraction of the rigs its contracts implied. In 2020, the company sold agreements covering 3,325 machines while running approximately 920. By 2021, VBit had sold contracts for nearly 8,500 rigs while operating fewer than 1,700. The online investor portal that displayed customer mining earnings and account balances showed figures the SEC alleges were fabricated — hypothetical returns unrelated to any actual Bitcoin production. The Bitcoin that VBit’s machines did mine went exclusively to accounts Vo controlled.

VBit ceased operations in 2022. The investor portal eventually went offline. Customers who had paid sums as high as $100,000 for individual hosting packages had no means of verifying whether their machines had ever been purchased or switched on. No criminal indictment had been returned as of this filing, but the SEC’s civil complaint described a scheme whose factual pattern — inventory fabrication, portal manipulation, self-dealing at scale, and flight — is consistent with the wire fraud and securities fraud charges brought in contemporaneous cloud mining cases.

The case is notable for two regulatory developments that extend beyond the immediate investor harm. The SEC’s complaint explicitly characterizes third-party Bitcoin mining hosting agreements — long treated as service contracts outside the securities framework — as securities offerings subject to registration and anti-fraud provisions. That characterization, if upheld by the Delaware court, would significantly expand the regulatory reach over an industry that has used the service-contract framing as a persistent regulatory shield.

The EUR 113M Crypto Machine Scheme — Europe’s Biggest Mining-Lease Pyramid Dismantled

On June 11, 2024, law enforcement agencies from Germany, Switzerland, Austria, Czechia, Lithuania, and Liechtenstein — coordinated by Eurojust and supported by Europol — arrested six individuals and executed 29 search warrants in connection with a multi-country cryptocurrency machine leasing pyramid that caused losses of up to EUR 113 million to thousands of victims across Europe. The organised crime group had operated a scheme based on the leasing and subleasing of cryptocurrency machines, including mining hardware and crypto exchange kiosks, promising investors returns of 70 percent before tax. The central fraud was that the leased equipment and systems that investors paid for did not exist. The scheme’s revenue for earlier participants came not from any actual equipment output but from the investment funds of newer entrants — a structure that Eurojust’s press release explicitly characterised as pyramidal.

The operation was led by German and Swiss prosecutorial authorities, who established a joint investigation team (JIT) with Eurojust support. Two coordination meetings at Eurojust preceded the June 11 action day, at which more than 280 officers participated across the six participating countries. Assets belonging to the suspects were frozen on the action day. The platform name and suspect identities were not disclosed in the Eurojust press release; operator names and charges had not entered public court record as of this filing.

The EUR 113 million loss figure places this scheme among the largest documented cloud mining and crypto machine fraud cases in European history — comparable in scale to multinational cases like MiningCity, which raised approximately $300 million globally before SEC charges in 2022, but within a specifically European jurisdictional footprint. The joint investigation team structure and the Eurojust coordination model employed in this case have become the standard architecture for European crypto fraud enforcement, with this action representing one of its largest single-day results.

The case illustrates how the structural template of cloud mining fraud — phantom hardware, guaranteed returns, subleasing layers — was adapted into a multi-country European operation targeting retail investors who believed they were acquiring stakes in physical crypto infrastructure.