03/16/2026

Michigan Man Sentenced for Wire Fraud and Aggravated Identity Theft Charges

United States Attorney's Office District of Minnesota

MINNEAPOLIS – A Michigan man has been sentenced to 60 months’ imprisonment followed by two years of supervised release with special conditions for wire fraud and aggravated identity theft after purchasing nearly 2,500 stolen login credentials from a malicious dark web marketplace and using them to make fraudulent financial transactions and offering some for sale on other cybercriminal internet sites, announced U.S. Attorney Daniel N. Rosen.

According to court documents, from approximately February 2020 to November 2020, Andrew Shenkosky, 30, devised and executed a scheme while residing in Minnesota to defraud and obtain money through false pretenses. Shenkosky accomplished his scheme by purchasing and accessing stolen account information from the Genesis Market, an illicit online marketplace that was ultimately taken down by the FBI in or about April 2023. Genesis Market compiled hundreds of thousands of stolen login credentials, including cell phone numbers, account numbers, email addresses, usernames, and passwords from malware-infected computers of victims across the world, and offered that stolen information for sale on the dark web.

According to court documents, Shenkosky purchased an account on Genesis Market using a cryptocurrency Coinbase account he fraudulently created in the name of one of his victims, using the victim’s driver’s license. In furtherance of his scheme, Shenkosky purchased 2,468 stolen credentials of various victims on Genesis Market. Shenkosky then used the stolen data to, among other things, make an unauthorized withdrawal from one victim’s bank account without their knowledge or authorization and transferred the funds to a PayPal account under his control.  He also attempted to withdraw money from other victims’ accounts, but the transfers were reversed. Shenkosky also offered and attempted to sell one victim’s stolen account data and personal information on a now-defunct cybercriminal forum named Raid Forums.