IN THE UNITED STATES DISTRICT COURT
FOR THE NORTHERN DISTRICT OF GEORGIA
ATLANTA DIVISION
U NITED S TATES OF A MERICA
v.

Criminal Information

R ONALD L. W HEELER III,
A / K / A T RAPPY ,
A / K / A T RAPPY _P ANDORA

No. 1:17-CR-377

THE UNITED STATES ATTORNEY CHARGES THAT:
(Conspiracy to Commit Access Device Fraud)
1. Beginning on a date unknown, but from at least in or about May
2015 and continuing until on or about July 3, 2017, in the Northern
District of Georgia and elsewhere, the defendant, RONALD L.
WHEELER III, a/k/a Trappy, a/k/a Trappy_Pandora, did combine,
conspire, confederate, agree, and have a tacit understanding with
Alexandre Cazes, a/k/a Alpha02, a/k/a Admin, and others known and
unknown, to commit the offense of access device fraud by using a Tor
hidden services marketplace known as AlphaBay to knowingly and
with intent to defraud traffic in and use unauthorized access devices,
including usernames, passwords, email addresses, telephone numbers,
and bank account numbers, that could be used alone and in
conjunction with another access device to obtain money, goods,

 services, and other things of value; and by such conduct obtain things
of value aggregating at least $1,000 during a one-year period,
affecting interstate and foreign commerce, in violation of Title 18,
United States Code, Section 1029(a)(2).
Manner and Means
2. The Onion Routing (“Tor”) is a technology that allows
individuals to access the internet with a high degree of anonymity by
using “onion routing,” which encrypts communications and transfers
them through random relay servers to obfuscate the identity of the
communications’ sender. Tor hidden services are a technology that
allows websites to offer services with a high degree of anonymity by,
among other things, using onion routing. To access a Tor hidden
services website, a user must connect to the website via Tor. Through
Tor, the user and the website are able to connect without revealing
their actual Internet Protocol addresses.
3. AlphaBay was an international criminal marketplace that
enabled users across the world to anonymously purchase and sell
stolen and fraudulently obtained access devices, illegal drugs,
firearms, hacking tools, and other illicit goods and services.
AlphaBay sales listings were organized into categories, including
“Fraud,” “Drugs & Chemicals,” “Counterfeit Items,” “Weapons,” and

2

 “Carded Items.” The website permitted users to search by vendor
name and provided a rating system through which a vendor may be
rated by other users, much like Amazon.com or eBay.com. Aside
from product listings, AlphaBay provided message board forums
where users could securely discuss their criminal activities and
receive support from AlphaBay staffers.
4. As of June 29, 2017, AlphaBay contained thousands of sales
listings for illegal products, including 4,488 sales listings for stolen
personally identifying information; 28,800 sales listings for stolen
online account information; 6,008 sales listings for stolen credit card
information; 3,586 sales listings for computer hacking tools, such as
botnets and exploit kits; and 257,533 sales listings for illegal drugs,
including cocaine, heroin, and a variety of opioids. The computer
hacking tools available on AlphaBay included Alina Spark and Dexter
v2, malware designed to compromise point of sale devices; Carberp,
KINS, and Tinba, malware designed to compromise banking
institutions; Dendroid, a remote access toolkit that compromises
Android devices; Grum, a spam botnet utility; Pony 2.0, malware
designed to steal login credentials; and Rovnix, a bootkit utility.
5. Financial transactions conducted on AlphaBay occurred in
virtual cryptocurrencies, such as Bitcoin, Ethereum, and Monero. The

3

 use of virtual cryptocurrencies to conduct illegal commerce on the site
concealed the details of the transactions, including the identities and
locations of the users transmitting and receiving funds.
6. Beginning on or about May 25, 2015, RONALD L. WHEELER
III began working as a public relations specialist for AlphaBay.
WHEELER’s duties included moderating the AlphaBay subreddit on
the internet website reddit.com, a news aggregation and discussion
website where users may post website links, images, videos, and other
web content; posting information about AlphaBay on other subreddits
on reddit.com; moderating the AlphaBay message board forums;
mediating sales disputes among AlphaBay users; promoting AlphaBay
on the internet; and providing non-technical assistance to AlphaBay
users.
7. RONALD L. WHEELER III, among other things, posted Tor
links on reddit.com to access AlphaBay, acted as the spokesperson for
AlphaBay on the internet, reported to the public on the operational
status of AlphaBay servers, encouraged people to join AlphaBay and
employ measures to avoid detection by law enforcement, and banned
and caused to be banned users from AlphaBay. For his work,
WHEELER obtained a Bitcoin salary from Alexandre Cazes, a/k/a
Alpha02, a/k/a Admin, the owner of AlphaBay.

4

 Overt Acts
8. In furtherance of the conspiracy and to effect the objects of the
conspiracy, the following overt acts were committed in the Northern
District of Georgia and elsewhere.
9. On or about May 25, 2015, RONALD L. WHEELER III created
an AlphaBay message board forums profile.
10. On or about August 27, 2015, RONALD L. WHEELER III
posted the following message on the AlphaBay message board
forums: “Hi agora people. I’m the official alphabay PR guy so if you
have any questions that aren’t of a technical nature I’d be happy to
help.”
11. On or about September 30, 2015, in response to a question
posted on the AlphaBay message board forums by a user stating that
he had lost 11 Bitcoin, RONALD L. WHEELER III posted: “This
thread is now locked” and locked the discussion thread so that it was
no longer open for replies.
12. On or about August 22, 2016, RONALD L. WHEELER III,
using the alias “Trappy_Pandora,” posted on the subreddit Monero a
post titled: “Hello I’m trappy of Alphabay and I’d like to know more
about you.” The content of the post contained Tor links to access
AlphaBay.

5

 13. On or about October 5, 2016, RONALD L. WHEELER III,
using the alias “Trappy_Pandora,” posted on the subreddit
DarkNetMarkets a post titled: “Alphabay down for approximately 1
hour downtime.” WHEELER later edited that post to reflect that
AlphaBay was back online. The content of the post stated:
Thank you for your continued patience as we update our servers
in order to ensure your and our security. Any questions
regarding this may be directed to me and /u/alphabaysupport
EDIT: **WE ARE BACK ONLINE**
14. On or about December 13, 2016, RONALD L. WHEELER III,
using the alias “Trappy_Pandora,” posted on the subreddit
DarkNetMarkets a post titled: “Is alphabay BACK ONLINE? YES.”
The content of the post contained Tor links to access AlphaBay.
15. On or about January 26, 2017, RONALD L. WHEELER III,
using the alias “Trappy_Pandora,” posted on the subreddit
DarkNetMarkets a post titled: “Is alphabay down? Yes. Will it be back
up soon? Yes.” The content of the post stated, in part: “I will be here
to answer any question you may have.”
16. On or about February 14, 2017, RONALD L. WHEELER III,
using the alias “Trappy_Pandora,” posted on the subreddit
DarkNetMarkets a post titled: “In light of new DEA practices, we will

6

 be waiving the vendor bond of anyone wishing to vend HEMP
products. CBD waiver still standing.” The content of the post stated:
The DEA has a mouth and must scream, and so it does.
Under no circumstances will you be dictated to in such a silly
manner as the DEA attempts. For all their declarations and
intentions, they are easily circumvented like a stop sign at an
empty intersection, and only lose taxable sales that go into our
pockets and not theirs.
Please message trappy on the market with a PGP signed
message to proceed.
Thank you for your time.
All in violation of Title 18, United States Code, Section 371.
Forfeiture
17. Upon conviction of the sole count in this Information, the
defendant, RONALD L. WHEELER III, pursuant to Title 18, United
States Code, Section 982(a)(2)(B), shall forfeit to the United States
any property constituting or derived from proceeds the defendant
obtained directly or indirectly, as the result of the offense of which the
defendant is convicted. The property to be forfeited includes, but is
not limited to, the following:
a. $27,562.00 in United States currency; and
b. 13.97524839 Bitcoins.

7

 18. If, as a result of any act or omission of the defendant,
RONALD L. WHEELER III, any property subject to forfeiture:
cannot be located upon the exercise of due diligence; has been
transferred or sold to, or deposited with, a third person; has been
placed beyond the jurisdiction of the Court; has been substantially
diminished in value; or has been commingled with other property
which cannot be subdivided without difficulty, the United States
intends, pursuant to 18 U.S.C. § 982(b)(1) and 21 U.S.C. § 853(p), to
seek forfeiture of any other property of such defendant up to the value
of the forfeitable property.

B YUNG J. P AK
United States Attorney

_________________________
S AMIR K AUSHAL
Assistant United States Attorney
Georgia Bar No. 935285
600 U.S. Courthouse
75 Ted Turner Drive SW
Atlanta, GA 30303
404-581-6000; Fax: 404-581-6181

8