A Michigan resident has found himself at the center of a criminal investigation after purchasing nearly 2,500 stolen credentials from an underground marketplace on the dark web and using them to orchestrate fraudulent financial transactions.
According to the U.S. Attorney’s Office, 29-year-old Andrew Schenkoski engaged in an elaborate fraud scheme between February and November 2020 while residing in Minnesota. He obtained access to stolen login credentials through Genesis Market, a notorious illicit online marketplace that trafficked in data harvested from malware-infected devices worldwide.
To infiltrate Genesis Market, Schenkoski allegedly used a cryptocurrency account on Coinbase, fraudulently registered in the name of one of his victims. He subsequently purchased 2,468 sets of login credentials, some of which he exploited to transfer funds from compromised bank accounts to his PayPal, while others were allegedly put up for sale on Raid Forums, a now-defunct cybercriminal platform.
In January 2025, Schenkoski was formally charged with three counts of fraud, one count of identity theft, and unlawful possession and distribution of stolen account credentials. On February 11, he appeared before a federal court in the Eastern District of Michigan, with his primary hearing scheduled for late February in Minnesota.
The FBI’s cybercrime divisions, in collaboration with the Detroit and Minneapolis field offices, conducted the investigation. The prosecution is being led by Assistant U.S. Attorneys Benjamin Behar and Robert Lewis.
