SEC Charges 18 in Scheme Tied to Hacked Brokerage Accounts

What You Need to Know

Dozens of online retail brokerage accounts were allegedly hacked and improperly used to buy microcap stocks to manipulate the prices and trading volume of those stocks.
Hackers accessed at least 31 U.S. retail brokerage accounts and used them to buy shares of the common stock of two public microcap companies”: Lotus Bio-Technology Development and Good Gaming.
After obtaining the shares, certain defendants then conspired with others to subject retail brokerage accounts to online account takeover attacks,”

The Securities and Exchange Commission on Monday charged 18 individuals and entities for their roles in a stock manipulation scheme in which dozens of online retail brokerage accounts were allegedly hacked and improperly used to buy microcap stocks to manipulate the prices and trading volume of those stocks.

In a complaint filed in U.S. District Court for the Northern District of Georgia in Atlanta, the SEC claimed that, in late 2017 and early 2018, hackers accessed at least 31 U.S. retail brokerage accounts and used them to buy shares of the common stock of two public microcap companies”: Lotus Bio-Technology Development and Good Gaming.

After obtaining those shares, certain defendants then “conspired with other unknown parties to subject various retail brokerage accounts, held by innocent third-party investors, to online account takeover attacks,” according to the complaint.

The SEC didn’t identify the names of firms where the brokerage accounts were held.

The hacked accounts were then forced to make large acquisitions of LBTD and GMER common stock, artificially inflating the trading prices and volume of the stocks, the SEC claimed.

The defendants then sold the shares they acquired at those inflated prices, generating about $1.3 million in proceeds and “creating substantial profits” for them, according to the complaint.

“This case illustrates the critical importance of cybersecurity and of our ongoing efforts to protect retail investors from cyber fraud,” according to Gurbir S. Grewal, director of the SEC’s Division of Enforcement.

“The SEC remains committed to rooting out this type of wrongdoing. Investors should also take precautions, including choosing strong passwords, using different passwords for different accounts, and using two-factor authentication when available,” he said in a statement.