A Connecticut man admitted to carrying out a phishing scheme in which he stole hundreds of thousands of dollars worth of Bitcoins from users on dark web forums and marketplaces.

35-year-old Michael Richo of Wallingford, Conn. plead guilty in federal court to one count of access device fraud and one count of money laundering. He stole more than $365,000 worth of Bitcoins from victims of a scam he masterminded.

Read: AlphaBay Offline: Dark Web Market May Have Disappeared In Bitcoin-Stealing Exit Scheme

Like most phishing schemes, Richo’s scam used links to fraudulent websites to trick victims into handing over their credentials. Richo would post the links on dark web forums where users often discussed illegal trade and other illicit activities.

If a user of one of the forums clicked on one of the links posted by Richo, they would be direct to what appeared to be the login screen of an online marketplace. That page was fake, designed to capture the username and password of the victim.

Once Richo had possession of a user’s login credentials, he would monitor their bitcoin balance in the real marketplace account the stolen login credentials provided access to. When the user would deposit bitcoin in their marketplace account, Richo would withdraw those funds and move them to his own bitcoin wallet before the victim could spend them.

According to the U.S. Department of Justice, Richo would resell the stolen Bitcoins through exchange markets for U.S. currency, which he would deposit in his bank account via Green Dot cards, Western Union transfers and Moneygram transfers.

Read: Phishing Attacks: Sites Designed To Steal Logins Target Android Users

Richo’s phishing scheme resulted in the theft of more than $365,000 from more than 10,000 dark web users who unwittingly handed over their usernames and passwords. The login credentials were discovered on his computer by law enforcement when he was arrested last October.

The Connecticut resident agreed to forfeit his computer equipment, electronic devices and precious coins and metals in his possession as part of his plea agreement. He is currently out of jail after posting a $100,000 bond, though he is subject to having his computer activities monitored.

Structure Security
Newsweek is hosting a Structure Security event Sept. 26-27 in San Francisco. Newsweek Media Group

Money laundering carries a maximum prison sentence of 20 years, as does wire fraud. Access device fraud has a maximum term of imprisonment of 10 years, while computer fraud has a maximum imprisonment term of five years. Aggravated identity theft, which Richo has also been charged with, carries a mandatory prison term of two years. Richo will be tried in September.

While phishing scams are prevalent on all parts of the web, Richo’s scam highlights some of the risks of operating on the dark web, where scams are not uncommon and even though users operate mostly in anonymity, they are not assured safety.

Earlier this week, prominent dark web marketplace AlphaBay suddenly went offline without notice, prompting many users to wonder if the operators of the site were carrying out an exit scheme designed to steal user funds. The operators have since been in contact with users, suggesting the site will return to operation, but it would not have been the first dark web site to disappear without notice while taking its user’s money with it.