Press Release

SEC Charges 18 Defendants in International Scheme to Manipulate Stocks Using Hacked US Brokerage Accounts

For Immediate Release

2022-145

Washington D.C., Aug. 15, 2022 —

The Securities and Exchange Commission today charged 18 individuals and entities for their roles in a fraudulent scheme in which dozens of online retail brokerage accounts were hacked and improperly used to purchase microcap stocks to manipulate the price and trading volume of those stocks. Those charged include Rahim Mohamed of Alberta, Canada, who is alleged to have coordinated the hacking attacks, and several others in and outside the U.S. who allegedly benefited from or participated in the scheme.

According to the SEC’s complaint, in late 2017 and early 2018, hackers accessed at least 31 U.S. retail brokerage accounts and used them to purchase the securities of Lotus Bio-Technology Development Corp. and Good Gaming, Inc. The unauthorized purchases allegedly enabled fraudsters, who already controlled large blocks of Lotus Bio-Tech and Good Gaming stock, to sell their holdings at artificially high prices and reap more than $1 million in illicit proceeds. According to the complaint, Davies Wong of British Columbia, Canada, and Glenn B. Laken of Illinois, respectively, controlled the majority of the Lotus Bio-Tech and Good Gaming stock that was sold while the hacking attacks were being carried out, and Mohamed coordinated with Wong, Laken, and others to orchestrate the attacks. The complaint also alleges that Richard Tang of British Columbia, Canada, was involved with both the Lotus Bio-Tech and Good Gaming schemes.

“This case illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud,” said Gurbir S. Grewal, Director of the SEC’s Division of Enforcement. “The SEC remains committed to rooting out this type of wrongdoing. Investors should also take precautions, including choosing strong passwords, using different passwords for different accounts, and using two-factor authentication when available.”

“Our complaint details a brazen and sophisticated scheme, with hackers using international accounts and dummy accountholders to hide their tracks,” said Nekia Hackworth Jones, Director of the SEC’s Atlanta Regional Office. “As this case demonstrates, the Division can uncover misconduct even when it crosses borders and is concealed behind multiple layers of obfuscation.”

The SEC’s complaint charges violations of the antifraud and beneficial ownership reporting provisions of the Securities Act of 1933 and the Securities Exchange Act of 1934 and names two relief defendants who received proceeds from the hacks. The SEC seeks the return of ill-gotten gains plus interest, penalties, bars, and other equitable relief. The SEC’s investigation is continuing.

The SEC’s investigation has been conducted by Joshua Dickman and Lucy Graetz of the Atlanta Regional Office, Andrew McFall of the Washington, D.C. Office, and Patrick McCluskey of the Philadelphia Regional Office, with the assistance of Marlee Miller and Owen Granke of the SEC’s Office of International Affairs. The case is being supervised by Acting Chief of the Crypto Assets and Cyber Unit Carolyn Welshhans, Market Abuse Unit Chief Joseph Sansone, Justin Jeffries and Natalie Brunson of the Atlanta Regional Office, and Amy Flaherty Hartman of the Chicago Regional Office. Robert Gordon and William Hicks of the Atlanta Regional Office will lead the SEC’s litigation, supervised by M. Graham Loomis.

The SEC appreciates the assistance of the Financial Industry Regulatory Authority, the Alberta Securities Commission, the Australia Securities and Investments Commission, the British Columbia Securities Commission, the Calgary Police Service, the Cayman Islands Monetary Authority, the Dubai Financial Services Authority, the French Autorité des Marchés Financiers, the Hong Kong Securities and Futures Commission, the Mauritius Financial Services Commission, the Ontario Securities Commission, the Quebec Autorité des Marchés Financiers, the Royal Canadian Mounted Police, the Securities Commission of the Bahamas, the Sûreté du Québec, the Superintendencia del Mercado de Valores de la República Dominicana, the Swiss Financial Market Supervisory Authority, and the United Kingdom Financial Conduct Authority.

To learn more about how to protect your online investment accounts from fraud, please visit the SEC’s Office of Investor Education and Advocacy investor alerts webpage.   

###

Last Reviewed or Updated: Aug. 15, 2022

Resources