Instagram star linked to Bank of Valletta cyber-heist sentenced to 11 years in jail

The Nigerian Instagram influencer Ramon “Hushpuppi” Abbas, 40, has been sentenced to 11 years in a United States jail after pleading guilty to money laundering and other business email schemes that cost his victims nearly $24 million – among them his role in the Bank of Valletta cyber-heist.

Abbas was a high-profile money launderer who used his celebrity status and ability to make connections with legitimate organisations. He built a global following from posting pictures of his lavish spending on cars, watches, designer clothes and private jets, amassing 2.5 million Instagram followers.

Detained by authorities in Dubai in June 2020, Abbas was extradited to California to face charges of money laundering.

Between January 18, 2019 and June 9, 2020, Abbas and his co-conspirators laundered funds fraudulently obtained through bank cyber-heists. He pleaded guilty to inflicting loss amounts of €13 million on Bank of Valletta in June, and $7.7 million losses for the so-called “victim companies” in a separate case.

Abbas was sentenced on one charge of laundering from April last year, after creating a bogus website and impersonating bank officials to trick a victim in Qatar out of $1.1 million.The U.S. Justice Department connected Abbas to the North Korean hackers through another conspirator, Canadian national Ghaleb Alaumary, who conspired with the Nigerian to launder funds from the North Korean-perpetrated cyber-heist of BOV.

Three North Koreans are indicted for their alleged roles with the Lazarus Group – aka, APT38 or Hidden Cobra – which are associated with the regime’s military intelligence operation, the Reconnaissance General Bureau.

Prosecutors allege this hacking group created malware used in the 2018 WannaCry global ransomware attack, the 2016 theft of $81 million from Bangladesh Bank and the 2014 attack on Sony Pictures Entertainment.

Believed to be located in North Korea, the three men – Kim Il, Park Jin Hyok and Jon Chang Hyok – are unlikely to face charges in the U.S., as North Korea does not extradite suspects to America.

BOV went dark on 13 February after their systems were compromised by the EmpireMonkey group, with branches, ATMs, mobile banking and even e-mail services suspended and its website taken offline.

The cyber-attack saw €13 million transferred out of the bank through false international transactions. The transactions were made to bank accounts in four countries – the US, the UK, Czechia and Hong Kong. The bank immediately advised its correspondent banks to block the transactions and the process was started to reverse the payments.

BOV recovered more than €3 million of the €13 million, the bulk of the rest being frozen in foreign jurisdictions.